This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* golang: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* undertow: HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* golang: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
* undertow: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
* undertow: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
* undertow: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
* infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
* spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)
* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
* xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)
* js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)
* apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)
* spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)
* undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
* shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)
* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. (CVE-2019-12814)
* jackson-databind: Polymorphic typing issue related to logback/JNDI (CVE-2019-14439)
* springframework: DoS Attack via Range Requests (CVE-2018-15756)
* c3p0: loading XML configuration leads to denial of service (CVE-2019-5427)
* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
{"nessus": [{"lastseen": "2023-02-02T16:25:09", "description": "Update to Node.js 10.6.13\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:nodejs", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-5A6A7BC12C.NASL", "href": "https://www.tenable.com/plugins/nessus/128131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-5a6a7bc12c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128131);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9513\", \"CVE-2019-9514\", \"CVE-2019-9515\", \"CVE-2019-9516\", \"CVE-2019-9517\", \"CVE-2019-9518\");\n script_xref(name:\"FEDORA\", value:\"2019-5a6a7bc12c\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to Node.js 10.6.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5a6a7bc12c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:nodejs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"nodejs-10.16.3-1.fc30\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nodejs\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-03T15:22:11", "description": "Update to Node.js 10.6.13\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:nodejs", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-6A2980DE56.NASL", "href": "https://www.tenable.com/plugins/nessus/128133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-6a2980de56.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128133);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"FEDORA\", value:\"2019-6a2980de56\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Update to Node.js 10.6.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a2980de56\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:nodejs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"nodejs-10.16.3-1.fc29\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nodejs\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-22T15:30:28", "description": "The version of Junos OS installed on the remote host is affected by multiple denial of service vulnerabilities as referenced in the JSA11167 advisory:\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams.\n They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9511) \n - Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. (CVE-2019-9513)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Juniper Junos OS Multiple DoS Vulnerabilities (JSA11167)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA11167.NASL", "href": "https://www.tenable.com/plugins/nessus/149967", "sourceData": "#TRUSTED 189bd305cb7288793968d490b5b226d84de7ddc98a015d59d27403edc4e5a23a808bc88751b4971810c3e3a3f40898bbb7fcb02fe672735a3191ec1a3422f581e86ae70c17e1e1a2eae2b6f5982bd09257abdd445902f3805004769c541ee37b6497d730bc49a1431d9447eb36cf967434aef704301f7edcc02e55128dd9f2faa89f83b53d4a525104d5705d296db525505fa6ea2b7f2fe0ff314d5c154a32fb49dd591a7c48bf51e9b8f3931512dcf4d118006a2bfe4399bd0f6f42d1d574862bb489852471ac5fe1ea865cc8fc170de596125e5ced45c6e85370c25b5fe6d5c7bd0aa067ea3603eb6d6c631ddd45ac449f8dd85ef724872f5f89536195714d2edf02f82d2e875aaff0a4f2ed0aff71788cfa77bb5adf0d8983bb36b6e378cdd64cce58e7837342ac53aaea4cd9e7d1b901f40b5fbd13e67d305bca39c1262dd97f7cca61427c0fe1561d8905f6d041502e8c3b653d128344a27c67878ce9a9bc85c8c08c2a1c11ed7d6ae36e9cf268f703a4d72ed6307bcb21c044cc65c6093d171ccceb3db278fae6905898ab318cb86f2cdfce00a10459e8a4b712148c63fea029c326497e7fa6e9d2431b885e65dbfaca1527b3882568d0d576a9f609342a36a6ac842917e0f9f859e283e1e91e4e8a1601275be7faf2822af7ff3eebbd2fa90b35a4f63eac264ec54684784b2e82520f2d376e7fe0f9cfaaa41ef60434\n#TRUST-RSA-SHA256 418d314a001dd9b2ceac85dc1f34c5932c8235cd1ae8dae62b1b60d349f704709aacb78c1d428828a750fd2e48c4d40bdb3b36b528496a7f92d8596fd9e2a4edb65e4b108ad1a74b4bba4e6544a716ad0593488655718b4b3f698805cb9f4e2e49d50bb50507a8a571d883921ed6490322815ccef1f4dc632bcdf68290222b1efab47f578b3b4fa50adae88790de0878e7588c404d2390cc2362cbae23184a0a61f31c7bbbcf8be91ca848e1aebe8d41d77fabc90cfd5ce909d29f79d7d226fbf84a02f99c8408afa5afcd1f3484f34b8762a90d669b07c260352081757ebd45493b95a56b2634df64013b5c28f17b658b8ea3ca8ac141f0c712aa09a568ba79c2f8723ac8dafb3d509f7c96f354ce83c3ad220a599ac3896b1aff20f6c40846ad1eefe649a91760226ec465720438caf46420e4629cf48e9da6876adf54f8c052ef1e8d3cf178a557a49bbaba7e1fbf71ded965b0d5141b524120c4cac8412965eabb2035ef5a08f6d3219301fae03630ba2c1fae024f8dd1d2b41ec83806223c8573458269b533f5e45159560182e0146adb28b1292feae475171f648d7182cb511778f26004aedd3aa6e3203692884cf6c07ce1d5addcbd6a5932d54668b7b539c737f29790a8e778352e6c162fdc95dc7589e68d318513b6815496d7733f0ce1a438354875f9849f9e9016c4d1b2c5b7a40043e72c8fe590a6de921ff2a0\n#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149967);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"JSA\", value:\"JSA11167\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Juniper Junos OS Multiple DoS Vulnerabilities (JSA11167)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Junos OS installed on the remote host is affected by multiple denial of service vulnerabilities as referenced\nin the JSA11167 advisory:\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially\n leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams.\n They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how\n efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9511)\n \n - Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker\n creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn\n to the priority tree. This can consume excess CPU. (CVE-2019-9513)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens\n a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the\n peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/JSA11167\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release referenced in Juniper advisory JSA11167\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9513\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude('junos.inc');\ninclude('junos_kb_cmd_func.inc');\n\nvar ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\nvar vuln_ranges = [\n {'min_ver':'16.1R3', 'fixed_ver':'18.3R2-S4'},\n {'min_ver':'18.3R3', 'fixed_ver':'18.3R3-S3'},\n {'min_ver':'18.4', 'fixed_ver':'18.4R1-S8'},\n {'min_ver':'18.4R2', 'fixed_ver':'18.4R2-S5'},\n {'min_ver':'18.4R3', 'fixed_ver':'18.4R3-S4'},\n {'min_ver':'19.1', 'fixed_ver':'19.1R1-S6'},\n {'min_ver':'19.1R2', 'fixed_ver':'19.1R2-S2'},\n {'min_ver':'19.1R3', 'fixed_ver':'19.1R3-S2'},\n {'min_ver':'19.2', 'fixed_ver':'19.2R1-S5', 'fixed_display':'19.2R1-S5, 19.2R2'}\n];\n\nvar fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);\nif (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);\n\nvar override = TRUE;\nvar buf = junos_command_kb_item(cmd:'show configuration | display set');\nif (buf)\n{\n override = FALSE;\n if (!preg(string:buf, pattern:\"^set system services extension-service request-response grpc\", multiline:TRUE))\n audit(AUDIT_HOST_NOT, 'using a vulnerable configuration');\n}\njunos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-02T16:28:26", "description": "This update for nodejs8 to version 8.16.1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\n - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n\n - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\n - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\n - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\n - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nBug fixes :\n\n - Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs8", "p-cpe:/a:novell:opensuse:nodejs8-debuginfo", "p-cpe:/a:novell:opensuse:nodejs8-debugsource", "p-cpe:/a:novell:opensuse:nodejs8-devel", "p-cpe:/a:novell:opensuse:npm8", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2115.NASL", "href": "https://www.tenable.com/plugins/nessus/128669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2115.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128669);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs8 to version 8.16.1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are\n vulnerable to window size manipulation and stream\n prioritization manipulation, potentially leading to a\n denial of service (bsc#1146091).\n\n - CVE-2019-9512: Fixed HTTP/2 flood using PING frames\n results in unbounded memory growth (bsc#1146099).\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is\n vulnerable to resource loops, potentially leading to a\n denial of service. (bsc#1146094).\n\n - CVE-2019-9514: Fixed HTTP/2 implementation that is\n vulnerable to a reset flood, potentially leading to a\n denial of service (bsc#1146095).\n\n - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames\n results in unbounded memory growth (bsc#1146100).\n\n - CVE-2019-9516: Fixed HTTP/2 implementation that is\n vulnerable to a header leak, potentially leading to a\n denial of service (bsc#1146090).\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are\n vulnerable to unconstrained interal data buffering\n (bsc#1146097).\n\n - CVE-2019-9518: Fixed HTTP/2 implementation that is\n vulnerable to a flood of empty frames, potentially\n leading to a denial of service (bsc#1146093).\n\nBug fixes :\n\n - Fixed that npm resolves its default config file like in\n all other versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144919\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs8 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs8-8.16.1-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs8-debuginfo-8.16.1-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs8-debugsource-8.16.1-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs8-devel-8.16.1-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"npm8-8.16.1-lp151.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs8 / nodejs8-debuginfo / nodejs8-debugsource / nodejs8-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-02T16:26:36", "description": "This update for nodejs10 to version 10.16.3 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs10", "p-cpe:/a:novell:suse_linux:nodejs10-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs10-debugsource", "p-cpe:/a:novell:suse_linux:nodejs10-devel", "p-cpe:/a:novell:suse_linux:npm10", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2254-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128411", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2254-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128411);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs10 to version 10.16.3 fixes the following \nissues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\nwindow size manipulation and stream prioritization manipulation,\npotentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in\nunbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\nresource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a\nreset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in\nunbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a\nheader leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\nunconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a\nflood of empty frames, potentially leading to a denial of service\n(bsc#1146093).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9512/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9514/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9515/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9518/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8330484\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2019-2254=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs10-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs10-debuginfo-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs10-debugsource-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs10-devel-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"npm10-10.16.3-1.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs10\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-02T16:27:26", "description": "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3).\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-01T00:00:00", "type": "nessus", "title": "RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:nodejs", "p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource", "p-cpe:/a:redhat:enterprise_linux:nodejs-devel", "p-cpe:/a:redhat:enterprise_linux:nodejs-docs", "p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon", "p-cpe:/a:redhat:enterprise_linux:nodejs-packaging", "p-cpe:/a:redhat:enterprise_linux:npm", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-2925.NASL", "href": "https://www.tenable.com/plugins/nessus/129480", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2925. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129480);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2925\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for the nodejs:10 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNode.js is a software development platform for building fast and\nscalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3).\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory\ngrowth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9518\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9511\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:npm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nappstreams = {\n 'nodejs:10': [\n {'reference':'nodejs-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-docs-10.16.3-2.module+el8.0.0+4214+49953fda', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed', 'release':'8'},\n {'reference':'nodejs-packaging-17-3.module+el8+2873+aa7dfd9a', 'release':'8'},\n {'reference':'npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debugsource / nodejs-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-02T16:28:25", "description": "This update for nodejs10 to version 10.16.3 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\n - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n\n - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\n - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\n - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\n - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs10", "p-cpe:/a:novell:opensuse:nodejs10-debuginfo", "p-cpe:/a:novell:opensuse:nodejs10-debugsource", "p-cpe:/a:novell:opensuse:nodejs10-devel", "p-cpe:/a:novell:opensuse:npm10", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2114.NASL", "href": "https://www.tenable.com/plugins/nessus/128668", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2114.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128668);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs10 to version 10.16.3 fixes the following \nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are\n vulnerable to window size manipulation and stream\n prioritization manipulation, potentially leading to a\n denial of service (bsc#1146091).\n\n - CVE-2019-9512: Fixed HTTP/2 flood using PING frames\n results in unbounded memory growth (bsc#1146099).\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is\n vulnerable to resource loops, potentially leading to a\n denial of service. (bsc#1146094).\n\n - CVE-2019-9514: Fixed HTTP/2 implementation that is\n vulnerable to a reset flood, potentially leading to a\n denial of service (bsc#1146095).\n\n - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames\n results in unbounded memory growth (bsc#1146100).\n\n - CVE-2019-9516: Fixed HTTP/2 implementation that is\n vulnerable to a header leak, potentially leading to a\n denial of service (bsc#1146090).\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are\n vulnerable to unconstrained interal data buffering\n (bsc#1146097).\n\n - CVE-2019-9518: Fixed HTTP/2 implementation that is\n vulnerable to a flood of empty frames, potentially\n leading to a denial of service (bsc#1146093).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs10 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs10-10.16.3-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs10-debuginfo-10.16.3-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs10-debugsource-10.16.3-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs10-devel-10.16.3-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"npm10-10.16.3-lp151.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs10 / nodejs10-debuginfo / nodejs10-debugsource / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-03T15:28:16", "description": "From Red Hat Security Advisory 2019:2925 :\n\nAn update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3).\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nodejs", "p-cpe:/a:oracle:linux:nodejs-devel", "p-cpe:/a:oracle:linux:nodejs-docs", "p-cpe:/a:oracle:linux:nodejs-nodemon", "p-cpe:/a:oracle:linux:nodejs-packaging", "p-cpe:/a:oracle:linux:npm", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-2925.NASL", "href": "https://www.tenable.com/plugins/nessus/129514", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2925 and \n# Oracle Linux Security Advisory ELSA-2019-2925 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129514);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2925\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:2925 :\n\nAn update for the nodejs:10 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNode.js is a software development platform for building fast and\nscalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3).\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory\ngrowth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-October/009211.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs:10 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:npm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-10.14.1-1.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-devel-10.14.1-1.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-docs-10.14.1-1.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-nodemon-1.18.3-1.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-packaging-17-3.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"npm-6.4.1-1.10.14.1.1.module+el8.0.0+5349+4d6b561f\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs / nodejs-devel / nodejs-docs / nodejs-nodemon / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-03T15:22:53", "description": "Node.js reports :\n\nNode.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/t hird-party/2019-002.md for more information.\n\nUpdates are now available for all active Node.js release lines, including Linux ARMv6 builds for Node.js 8.x (which had been delayed).\n\nWe recommend that all Node.js users upgrade to a version listed below as soon as possible. Vulnerabilities Fixed Impact: All versions of Node.js 8 (LTS 'Carbon'), Node.js 10 (LTS 'Dubnium'), and Node.js 12 (Current) are vulnerable to the following :\n\n- CVE-2019-9511 'Data Dribble': The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.\n\n- CVE-2019-9512 'Ping Flood': The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.\n\n- CVE-2019-9513 'Resource Loop': The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.\n\n- CVE-2019-9514 'Reset Flood': The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.\n\n- CVE-2019-9515 'Settings Flood': The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.\n\n- CVE-2019-9516 '0-Length Headers Leak': The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.\n\n- CVE-2019-9517 'Internal Data Buffering': The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.\n\n- CVE-2019-9518 'Empty Frames Flood': The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service. (Discovered by Piotr Sikora of Google)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-21T00:00:00", "type": "nessus", "title": "FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:node", "p-cpe:/a:freebsd:freebsd:node10", "p-cpe:/a:freebsd:freebsd:node8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C97A940BC39211E9BB38000D3AB229D6.NASL", "href": "https://www.tenable.com/plugins/nessus/128043", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128043);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9512\", \"CVE-2019-9513\", \"CVE-2019-9514\", \"CVE-2019-9515\", \"CVE-2019-9516\", \"CVE-2019-9517\", \"CVE-2019-9518\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Node.js reports :\n\nNode.js, as well as many other implementations of HTTP/2, have been\nfound vulnerable to Denial of Service attacks. See\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/t\nhird-party/2019-002.md for more information.\n\nUpdates are now available for all active Node.js release lines,\nincluding Linux ARMv6 builds for Node.js 8.x (which had been delayed).\n\nWe recommend that all Node.js users upgrade to a version listed below\nas soon as possible. Vulnerabilities Fixed Impact: All versions of\nNode.js 8 (LTS 'Carbon'), Node.js 10 (LTS 'Dubnium'), and Node.js 12\n(Current) are vulnerable to the following :\n\n- CVE-2019-9511 'Data Dribble': The attacker requests a large amount\nof data from a specified resource over multiple streams. They\nmanipulate window size and stream priority to force the server to\nqueue the data in 1-byte chunks. Depending on how efficiently this\ndata is queued, this can consume excess CPU, memory, or both,\npotentially leading to a denial of service.\n\n- CVE-2019-9512 'Ping Flood': The attacker sends continual pings to an\nHTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume\nexcess CPU, memory, or both, potentially leading to a denial of\nservice.\n\n- CVE-2019-9513 'Resource Loop': The attacker creates multiple request\nstreams and continually shuffles the priority of the streams in a way\nthat causes substantial churn to the priority tree. This can consume\nexcess CPU, potentially leading to a denial of service.\n\n- CVE-2019-9514 'Reset Flood': The attacker opens a number of streams\nand sends an invalid request over each stream that should solicit a\nstream of RST_STREAM frames from the peer. Depending on how the peer\nqueues the RST_STREAM frames, this can consume excess memory, CPU, or\nboth, potentially leading to a denial of service.\n\n- CVE-2019-9515 'Settings Flood': The attacker sends a stream of\nSETTINGS frames to the peer. Since the RFC requires that the peer\nreply with one acknowledgement per SETTINGS frame, an empty SETTINGS\nframe is almost equivalent in behavior to a ping. Depending on how\nefficiently this data is queued, this can consume excess CPU, memory,\nor both, potentially leading to a denial of service.\n\n- CVE-2019-9516 '0-Length Headers Leak': The attacker sends a stream\nof headers with a 0-length header name and 0-length header value,\noptionally Huffman encoded into 1-byte or greater headers. Some\nimplementations allocate memory for these headers and keep the\nallocation alive until the session dies. This can consume excess\nmemory, potentially leading to a denial of service.\n\n- CVE-2019-9517 'Internal Data Buffering': The attacker opens the\nHTTP/2 window so the peer can send without constraint; however, they\nleave the TCP window closed so the peer cannot actually write (many\nof) the bytes on the wire. The attacker then sends a stream of\nrequests for a large response object. Depending on how the servers\nqueue the responses, this can consume excess memory, CPU, or both,\npotentially leading to a denial of service.\n\n- CVE-2019-9518 'Empty Frames Flood': The attacker sends a stream of\nframes with an empty payload and without the end-of-stream flag. These\nframes can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The\npeer spends time processing each frame disproportionate to attack\nbandwidth. This can consume excess CPU, potentially leading to a\ndenial of service. (Discovered by Piotr Sikora of Google)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/\"\n );\n # https://vuxml.freebsd.org/freebsd/c97a940b-c392-11e9-bb38-000d3ab229d6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27301aed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"node<12.8.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node10<10.16.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node8<8.16.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-03T15:24:47", "description": "This update for nodejs8 to version 8.16.1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nBug fixes: Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs8", "p-cpe:/a:novell:suse_linux:nodejs8-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs8-debugsource", "p-cpe:/a:novell:suse_linux:nodejs8-devel", "p-cpe:/a:novell:suse_linux:npm8", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2260-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2260-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128468);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs8 to version 8.16.1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\nwindow size manipulation and stream prioritization manipulation,\npotentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in\nunbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\nresource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a\nreset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in\nunbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a\nheader leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\nunconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a\nflood of empty frames, potentially leading to a denial of service\n(bsc#1146093).\n\nBug fixes: Fixed that npm resolves its default config file like in all\nother versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144919\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9512/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9514/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9515/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9518/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e4c77b67\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2260=1\n\nSUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-15-2019-2260=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs8-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs8-debuginfo-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs8-debugsource-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs8-devel-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"npm8-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-debuginfo-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-debugsource-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-devel-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"npm8-8.16.1-3.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs8\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-03T15:26:00", "description": "This update for nodejs10 to version 10.16.3 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs10", "p-cpe:/a:novell:suse_linux:nodejs10-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs10-debugsource", "p-cpe:/a:novell:suse_linux:nodejs10-devel", "p-cpe:/a:novell:suse_linux:npm10", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2259-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2259-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128467);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs10 to version 10.16.3 fixes the following \nissues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\nwindow size manipulation and stream prioritization manipulation,\npotentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in\nunbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\nresource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a\nreset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in\nunbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a\nheader leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\nunconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a\nflood of empty frames, potentially leading to a denial of service\n(bsc#1146093).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9512/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9514/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9515/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9518/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192259-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4d1ab3d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2259=1\n\nSUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-15-2019-2259=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs10-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs10-debuginfo-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs10-debugsource-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs10-devel-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"npm10-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs10-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs10-debuginfo-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs10-debugsource-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs10-devel-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"npm10-10.16.3-1.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs10\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-02T14:50:57", "description": "This update for nodejs12 fixes the following issues :\n\nUpdate to LTS release 12.13.0 (jsc#SLE-8947).\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091).\n\nCVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099).\n\nCVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094).\n\nCVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100).\n\nCVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nCVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13173", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs12", "p-cpe:/a:novell:suse_linux:nodejs12-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs12-debugsource", "p-cpe:/a:novell:suse_linux:nodejs12-devel", "p-cpe:/a:novell:suse_linux:npm12", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0059-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0059-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132767);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-13173\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs12 fixes the following issues :\n\nUpdate to LTS release 12.13.0 (jsc#SLE-8947).\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to\nwindow size manipulations (bsc#1146091).\n\nCVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to\nfloods using PING frames (bsc#1146099).\n\nCVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to\nresource loops, potentially leading to a denial of service\n(bsc#1146094).\n\nCVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to\na reset flood, potentially leading to a denial of service\n(bsc#1146095).\n\nCVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to\na SETTINGS frame flood (bsc#1146100).\n\nCVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to\na header leak, potentially leading to a denial of service\n(bsc#1146090).\n\nCVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to\nunconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to\na flood of empty frames, potentially leading to a denial of service\n(bsc#1146093).\n\nCVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter()\nfunction (bsc#1140290).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13173/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9512/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9514/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9515/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9518/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cadca2ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2020-59=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13173\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-12.13.0-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-debuginfo-12.13.0-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-debugsource-12.13.0-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-devel-12.13.0-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"npm12-12.13.0-1.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs12\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-03T14:52:16", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2925 advisory.\n\n - nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass (CVE-2019-5737)\n\n - HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n - HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n - HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n - HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n - HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n - HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n - HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n - HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : nodejs:10 (CESA-2019:2925)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5737", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:nodejs", "p-cpe:/a:centos:centos:nodejs-devel", "p-cpe:/a:centos:centos:nodejs-docs", "p-cpe:/a:centos:centos:npm"], "id": "CENTOS8_RHSA-2019-2925.NASL", "href": "https://www.tenable.com/plugins/nessus/145589", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:2925. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145589);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-5737\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2925\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"CentOS 8 : nodejs:10 (CESA-2019:2925)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:2925 advisory.\n\n - nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass (CVE-2019-5737)\n\n - HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n - HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n - HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n - HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n - HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n - HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n - HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n - HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2925\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9518\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:npm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nappstreams = {\n 'nodejs:10': [\n {'reference':'nodejs-10.16.3-2.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-10.16.3-2.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-devel-10.16.3-2.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-devel-10.16.3-2.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-docs-10.16.3-2.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-docs-10.16.3-2.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm-6.9.0-1.10.16.3.2.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'npm-6.9.0-1.10.16.3.2.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / npm');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:25:55", "description": "Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service.\n\nThe fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9518"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:trafficserver", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4520.NASL", "href": "https://www.tenable.com/plugins/nessus/128621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4520. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128621);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\", \"CVE-2019-9515\", \"CVE-2019-9518\");\n script_xref(name:\"DSA\", value:\"4520\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in the HTTP/2 code of Apache\nTraffic Server, a reverse and forward proxy server, which could result\nin denial of service.\n\nThe fixes are too intrusive to backport to the version in the\noldstable distribution (stretch). An upgrade to Debian stable (buster)\nis recommended instead.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/trafficserver\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20613153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/trafficserver\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4520\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the trafficserver packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 8.0.2+ds-1+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:trafficserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"trafficserver\", reference:\"8.0.2+ds-1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"trafficserver-dev\", reference:\"8.0.2+ds-1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"trafficserver-experimental-plugins\", reference:\"8.0.2+ds-1+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:56:08", "description": "According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to < 9.4.21. It is, therefore, affected by multiple vulnerabilities:\n\n - Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. (CVE-2019-9518)\n\n - Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. (CVE-2019-9516)\n\n - Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. (CVE-2019-9515)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. (CVE-2019-9514)\n\n - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. (CVE-2019-9512)\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. (CVE-2019-9511)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty < 9.4.21 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9518"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113005", "href": "https://www.tenable.com/plugins/was/113005", "sourceData": "No source data", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-22T15:20:58", "description": "- Update jackson-databind to version 2.9.9.3.\n\n - Update jackson-core to version 2.9.9.\n\n - Update jackson-annotations to version 2.9.9.\n\n - Update jackson-bom to version 2.9.9.\n\nResolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "Fedora 30 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-ae6a703b8f)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jackson-annotations", "p-cpe:/a:fedoraproject:fedora:jackson-bom", "p-cpe:/a:fedoraproject:fedora:jackson-core", "p-cpe:/a:fedoraproject:fedora:jackson-databind", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-AE6A703B8F.NASL", "href": "https://www.tenable.com/plugins/nessus/129110", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-ae6a703b8f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129110);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-12086\", \"CVE-2019-12384\", \"CVE-2019-12814\", \"CVE-2019-14379\", \"CVE-2019-14439\");\n script_xref(name:\"FEDORA\", value:\"2019-ae6a703b8f\");\n\n script_name(english:\"Fedora 30 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-ae6a703b8f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update jackson-databind to version 2.9.9.3.\n\n - Update jackson-core to version 2.9.9.\n\n - Update jackson-annotations to version 2.9.9.\n\n - Update jackson-bom to version 2.9.9.\n\nResolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,\nCVE-2019-14379, and CVE-14439.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ae6a703b8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-bom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-databind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"jackson-annotations-2.9.9-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"jackson-bom-2.9.9-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"jackson-core-2.9.9-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"jackson-databind-2.9.9.3-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jackson-annotations / jackson-bom / jackson-core / jackson-databind\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-22T15:20:54", "description": "- Update jackson-databind to version 2.9.9.3.\n\n - Update jackson-core to version 2.9.9.\n\n - Update jackson-annotations to version 2.9.9.\n\n - Update jackson-bom to version 2.9.9.\n\nResolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "Fedora 29 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-fb23eccc03)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jackson-annotations", "p-cpe:/a:fedoraproject:fedora:jackson-bom", "p-cpe:/a:fedoraproject:fedora:jackson-core", "p-cpe:/a:fedoraproject:fedora:jackson-databind", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-FB23ECCC03.NASL", "href": "https://www.tenable.com/plugins/nessus/129113", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-fb23eccc03.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129113);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-12086\", \"CVE-2019-12384\", \"CVE-2019-12814\", \"CVE-2019-14379\", \"CVE-2019-14439\");\n script_xref(name:\"FEDORA\", value:\"2019-fb23eccc03\");\n\n script_name(english:\"Fedora 29 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-fb23eccc03)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update jackson-databind to version 2.9.9.3.\n\n - Update jackson-core to version 2.9.9.\n\n - Update jackson-annotations to version 2.9.9.\n\n - Update jackson-bom to version 2.9.9.\n\nResolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,\nCVE-2019-14379, and CVE-14439.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-fb23eccc03\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-bom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-databind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"jackson-annotations-2.9.9-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"jackson-bom-2.9.9-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"jackson-core-2.9.9-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"jackson-databind-2.9.9.3-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jackson-annotations / jackson-bom / jackson-core / jackson-databind\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-22T15:23:44", "description": "- Update jackson-databind to version 2.9.9.3.\n\n - Update jackson-core to version 2.9.9.\n\n - Update jackson-annotations to version 2.9.9.\n\n - Update jackson-bom to version 2.9.9.\n\nResolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-07T00:00:00", "type": "nessus", "title": "Fedora 31 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-99ff6aa32c)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439"], "modified": "2019-12-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jackson-annotations", "p-cpe:/a:fedoraproject:fedora:jackson-bom", "p-cpe:/a:fedoraproject:fedora:jackson-core", "p-cpe:/a:fedoraproject:fedora:jackson-databind", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-99FF6AA32C.NASL", "href": "https://www.tenable.com/plugins/nessus/129634", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-99ff6aa32c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129634);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/20\");\n\n script_cve_id(\"CVE-2019-12086\", \"CVE-2019-12384\", \"CVE-2019-12814\", \"CVE-2019-14379\", \"CVE-2019-14439\");\n script_xref(name:\"FEDORA\", value:\"2019-99ff6aa32c\");\n\n script_name(english:\"Fedora 31 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-99ff6aa32c)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update jackson-databind to version 2.9.9.3.\n\n - Update jackson-core to version 2.9.9.\n\n - Update jackson-annotations to version 2.9.9.\n\n - Update jackson-bom to version 2.9.9.\n\nResolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814,\nCVE-2019-14379, and CVE-14439.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-99ff6aa32c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-bom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jackson-databind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"jackson-annotations-2.9.9-1.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"jackson-bom-2.9.9-1.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"jackson-core-2.9.9-1.fc31\")) flag++;\nif (rpm_check(release:\"FC31\", reference:\"jackson-databind-2.9.9.3-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jackson-annotations / jackson-bom / jackson-core / jackson-databind\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:23:02", "description": "Jonathon Loomey of Netflix reports :\n\nHTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion\n\nRecently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following :\n\n- CVE-2019-9512 'Ping Flood': The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.\n\n- CVE-2019-9514 'Reset Flood': The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.\n\n- CVE-2019-9515 'Settings Flood': The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "FreeBSD : h2o -- multiple HTTP/2 vulnerabilities (73b1e734-c74e-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:h2o", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_73B1E734C74E11E980520028F8D09152.NASL", "href": "https://www.tenable.com/plugins/nessus/128136", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128136);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\", \"CVE-2019-9515\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"FreeBSD : h2o -- multiple HTTP/2 vulnerabilities (73b1e734-c74e-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jonathon Loomey of Netflix reports :\n\nHTTP/2 implementations do not robustly handle abnormal traffic and\nresource exhaustion\n\nRecently, a series of DoS attack vulnerabilities have been reported on\na broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is\nexposed to the following :\n\n- CVE-2019-9512 'Ping Flood': The attacker sends continual pings to an\nHTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume\nexcess CPU, memory, or both, potentially leading to a denial of\nservice.\n\n- CVE-2019-9514 'Reset Flood': The attacker opens a number of streams\nand sends an invalid request over each stream that should solicit a\nstream of RST_STREAM frames from the peer. Depending on how the peer\nqueues the RST_STREAM frames, this can consume excess memory, CPU, or\nboth, potentially leading to a denial of service.\n\n- CVE-2019-9515 'Settings Flood': The attacker sends a stream of\nSETTINGS frames to the peer. Since the RFC requires that the peer\nreply with one acknowledgement per SETTINGS frame, an empty SETTINGS\nframe is almost equivalent in behavior to a ping. Depending on how\nefficiently this data is queued, this can consume excess CPU, memory,\nor both, potentially leading to a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/h2o/h2o/issues/2090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kb.cert.org/vuls/id/605641/\"\n );\n # https://vuxml.freebsd.org/freebsd/73b1e734-c74e-11e9-8052-0028f8d09152.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9fac719\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:h2o\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"h2o<2.2.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:16:22", "description": "The version of Arista Networks CloudVision Portal running on the remote device is affected by the following vulnerabilities:\n\n - HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service (DoS).\n An unauthenticated, remote attacker can exploit this, by sending continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9512)\n\n - HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a DoS. An unauthenticated, remote attacker can open a number of streams and send an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\n - HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a DoS. An unauthenticated, remote attacker can exploit this by sending a stream of SETTINGS frames to the peer.\n Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9515)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. To retrieve patch level information this plugin requires the HTTP credentials of the web console.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "Arista Networks CloudVision Portal Multiple Vulnerabilities (SA0043)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:arista:cloudvision_portal"], "id": "ARISTA_CVP_SA0043.NASL", "href": "https://www.tenable.com/plugins/nessus/138340", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138340);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\", \"CVE-2019-9515\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Arista Networks CloudVision Portal Multiple Vulnerabilities (SA0043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks CloudVision Portal running on the remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Arista Networks CloudVision Portal running on the remote device is affected by the following\nvulnerabilities:\n\n - HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service (DoS).\n An unauthenticated, remote attacker can exploit this, by sending continual pings to an HTTP/2 peer,\n causing the peer to build an internal queue of responses. Depending on how efficiently this data is\n queued, this can consume excess CPU, memory, or both. (CVE-2019-9512)\n\n - HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a DoS. An unauthenticated, \n remote attacker can open a number of streams and send an invalid request over each stream that should\n solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM\n frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\n - HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a DoS. An\n unauthenticated, remote attacker can exploit this by sending a stream of SETTINGS frames to the peer.\n Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS\n frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this\n can consume excess CPU, memory, or both. (CVE-2019-9515)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber. To retrieve patch level information this plugin requires the HTTP credentials of the web console.\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/8762-security-advisory-43\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e5070013\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the mitigation or upgrade to a fixed version as referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9515\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:arista:cloudvision_portal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arista_cloudvision_portal_detect.nbin\");\n script_require_keys(\"installed_sw/Arista CloudVision Portal\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nport = get_http_port(default:443);\napp = 'Arista CloudVision Portal';\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nconstraints = [\n {'fixed_version':'2018.2.6', 'fixed_display':'2019.1.0' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:24:54", "description": "Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Debian DSA-4508-1 : h2o - security update (Ping Flood) (Reset Flood) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:h2o", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4508.NASL", "href": "https://www.tenable.com/plugins/nessus/128181", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4508. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128181);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\", \"CVE-2019-9515\");\n script_xref(name:\"DSA\", value:\"4508\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Debian DSA-4508-1 : h2o - security update (Ping Flood) (Reset Flood) (Settings Flood)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Three vulnerabilities were discovered in the HTTP/2 code of the H2O\nHTTP server, which could result in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/h2o\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/h2o\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4508\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the h2o packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.2.5+dfsg2-2+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:h2o\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"h2o\", reference:\"2.2.5+dfsg2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"h2o-doc\", reference:\"2.2.5+dfsg2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libh2o-dev\", reference:\"2.2.5+dfsg2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libh2o-dev-common\", reference:\"2.2.5+dfsg2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libh2o-evloop-dev\", reference:\"2.2.5+dfsg2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libh2o-evloop0.13\", reference:\"2.2.5+dfsg2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libh2o0.13\", reference:\"2.2.5+dfsg2-2+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:23:36", "description": "Jonathon Loomey of Netflix reports :\n\nHTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion\n\nRecently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following :\n\n- CVE-2019-9512 'Ping Flood': The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.\n\n- CVE-2019-9514 'Reset Flood': The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.\n\n- CVE-2019-9515 'Settings Flood': The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "FreeBSD : h2o -- multiple HTTP/2 vulnerabilities (72a5579e-c765-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:h2o-devel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_72A5579EC76511E980520028F8D09152.NASL", "href": "https://www.tenable.com/plugins/nessus/128135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128135);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\", \"CVE-2019-9515\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"FreeBSD : h2o -- multiple HTTP/2 vulnerabilities (72a5579e-c765-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jonathon Loomey of Netflix reports :\n\nHTTP/2 implementations do not robustly handle abnormal traffic and\nresource exhaustion\n\nRecently, a series of DoS attack vulnerabilities have been reported on\na broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is\nexposed to the following :\n\n- CVE-2019-9512 'Ping Flood': The attacker sends continual pings to an\nHTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume\nexcess CPU, memory, or both, potentially leading to a denial of\nservice.\n\n- CVE-2019-9514 'Reset Flood': The attacker opens a number of streams\nand sends an invalid request over each stream that should solicit a\nstream of RST_STREAM frames from the peer. Depending on how the peer\nqueues the RST_STREAM frames, this can consume excess memory, CPU, or\nboth, potentially leading to a denial of service.\n\n- CVE-2019-9515 'Settings Flood': The attacker sends a stream of\nSETTINGS frames to the peer. Since the RFC requires that the peer\nreply with one acknowledgement per SETTINGS frame, an empty SETTINGS\nframe is almost equivalent in behavior to a ping. Depending on how\nefficiently this data is queued, this can consume excess CPU, memory,\nor both, potentially leading to a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/h2o/h2o/issues/2090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kb.cert.org/vuls/id/605641/\"\n );\n # https://vuxml.freebsd.org/freebsd/72a5579e-c765-11e9-8052-0028f8d09152.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d11da2f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:h2o-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"h2o-devel<2.3.0.b2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:08:19", "description": "The version of Arista Networks EOS running on the remote device is affected by the following vulnerabilities:\n\n - HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service (DoS).\n An unauthenticated, remote attacker can exploit this, by sending continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9512)\n\n - HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a DoS. An unauthenticated, remote attacker can open a number of streams and send an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\n - HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a DoS. An unauthenticated, remote attacker can exploit this by sending a stream of SETTINGS frames to the peer.\n Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9515)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-11T00:00:00", "type": "nessus", "title": "Arista Networks EOS Multiple Vulnerabilities (SA0043)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/o:arista:eos"], "id": "ARISTA_EOS_SA0043.NASL", "href": "https://www.tenable.com/plugins/nessus/134419", "sourceData": "#TRUSTED 9854d4a035645598d6d4a2bf77d33726ad7be07f9a2506ff2dea1bc45491e6cf84fd69657834f672d1d627b73ddf07257c6c246cca0fc7ef43e14882225df2f71ff56a05ac823d1666132d3f1329fb6632897dea66e8a225e5d5e1220e4dd5a35caf6a7fed6fc33e941387d2bafcdebf16734bad3e40dcbc4b3e9c808e0851f34fded1f8c4dc17d18a8b36d7a5825254cc98578421b91ed7e40ab2a91e4f6ac018fb09043f6c2a141ba8dea2f5399404e7198e093b29ac304120c0abf0278d26e646faeca81cb2a65c040427ecf56bf284e75a913e1dbc3e2bbca524df97fff9c3684ecfd1c6fdc96523d54886e2d5dc178f0db81b091a26bf8c9aa48d67cefe365b896cda4af6681c8efb39d19185c5f6ccb4b1279564df8a4b29fb6886fb20d291cfa0d49eb9db0830fd25944f9a39763d4369c41ece17232a8b689d17f81f7d22bbbcacdd2cc9b7cab1f09b74da94afe8eb28e9388681910d3f63986d0bf9e87b7ae582fe1f8241a7b64000183c9679f2fada022d064b355048e5dc35694b2b6986b6acfe6d30045ce40c6d50589b4c833eadeb133273f736df82a3925fb7393b14e654ebd7cc03ef3c2e93c287b52ed9fcd6de55c2b380c0b4313f83a73c16c27af8a2a9208573ac63f088fa817f223421bd610267d483040f56062c2602df526d65e7ff6f840309175c177d15681ed60a5af11d07435ae1deb172dbe663\n#TRUST-RSA-SHA256 6e23649d7b989a7a0bb196ddb259488b534f6939a0c906d997aa311fa89856f78f4c2ceaf85e024da2b5e77605f16182a6e7623afdb31df019d1a0279419e05a5f3cc24fc313ae9592a411fabf9a4c0e55d1f24a3ef7a6aa5c390652c307d3d1ab512b078624033877ae145dc7a7a0f1ffa89969a361c1d989f24ec71fd8e6e1632636fbcfb4932bde51b26b37baf441e89dc723aabaa7edf75a5ad881654c8bd66e406f7de212e42c9da9ae1dcf034422d4306ec55cdeff192cabffe2ee36a8edc06bd40f94aff3e90891d6996189f1c522d16b7745f70e230a5dc40cec9c1e3f6e584c0b3dcf2a9e4ca7728e8bf80ba58ff92b482286faee17c0dc56bb6f3fdb45dae0bb353918033c16e88edfe65757ce73360053992ca675865ed6cb4617e70c1bea0663172b91d150b5c8b6483040de1fab2550ad7adab4b8ba0618316a5d5c671a8e9ab7cfe07533a13b0fbf55535b5c66dbefa57f67ff82ccac8778cb9a57f4fe7365bdb942c2b08512c5190411649ac680f7736b1803d40d1d4d66ef6d2e42fe57e3688330cb97ce1a867bce21348395c3629ba910c050dd13b7878cbad66579db24229915ec99bc04b5c559c28be86a1b89fa4f4b6c659b7f5525bea6feb9d2f89d4ffa8173816a8ac314e23831b239a4996763db51ce95a9286bfce55c936f55e51b291edcc1d8b63de9daa8e46901d9a81080f9c773c26a1ca83c\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134419);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\", \"CVE-2019-9515\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Arista Networks EOS Multiple Vulnerabilities (SA0043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Arista Networks EOS running on the remote device is affected by the following vulnerabilities:\n\n - HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service (DoS).\n An unauthenticated, remote attacker can exploit this, by sending continual pings to an HTTP/2 peer,\n causing the peer to build an internal queue of responses. Depending on how efficiently this data is\n queued, this can consume excess CPU, memory, or both. (CVE-2019-9512)\n\n - HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a DoS. An unauthenticated, \n remote attacker can open a number of streams and send an invalid request over each stream that should\n solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM\n frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\n - HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a DoS. An\n unauthenticated, remote attacker can exploit this by sending a stream of SETTINGS frames to the peer.\n Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS\n frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this\n can consume excess CPU, memory, or both. (CVE-2019-9515)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/8762-security-advisory-43\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e5070013\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch or or mitigation or upgrade to a fixed version as referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9515\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:arista:eos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"arista_eos_detect.nbin\");\n script_require_keys(\"Host/Arista-EOS/Version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('arista_eos_func.inc');\ninclude('audit.inc');\n\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nversion = get_kb_item_or_exit('Host/Arista-EOS/Version');\n\nif (version =~ \"([^0-9]|^)4\\.22\\.(0|0\\.1|0\\.2|1|2)F\" ||\n version =~ \"([^0-9]|^)4\\.23\\.(0|0\\.1)F\")\n{\n ext='SecurityAdvisory0043Hotfix-4.22-4.23.rpm 1.0.0/eng';\n sha='ef84fb5e4eb2ffe9f1cf2904cb1b496fb115c444de21f4cf38858daa4a0cba35a6cad9677d01b8f1885df42ff15368c864998eb4afcc7625e39195e08f65c669';\n\n if(eos_extension_installed(ext:ext, sha:sha))\n audit(AUDIT_HOST_NOT, 'affected as a relevant hotfix has been installed');\n}\nelse if (version =~ \"([^0-9]|^)4\\.20\\.(11|11\\.1|12|12\\.1|13|13\\.1|14)M\" ||\n version =~ \"([^0-9]|^)4\\.21\\.(7|7\\.1|8)M\")\n{\n ext='SecurityAdvisory0043Hotfix-4.20-4.21.rpm 1.0.0/eng';\n sha='be17fce400045ee63c7d77cb756e47aebf460c878793b1984ed3c79f7c3be3ec189c986afdcbc3d1814170d2e1f5c594b3ac7d179ebe05eda05c4919d9789036';\n\n if(eos_extension_installed(ext:ext, sha:sha))\n audit(AUDIT_HOST_NOT, 'affected as a relevant hotfix has been installed');\n}\n\n\nvmatrix = make_array();\nvmatrix['all'] = make_list('4.22<=4.22.2',\n '4.21<=4.21.7.1',\n '4.20<=4.20.14',\n '4.19<=4.19.13',\n '4.18<=4.18.99',\n '4.17<=4.17.99');\nvmatrix['F'] = make_list('4.23.0F');\n\nvmatrix['fix'] = '4.20 >= 4.20.15M / 4.21 >= 4.21.9M / 4.22 >= 4.22.3F / 4.23 >= 4.23.1F';\n\nif (eos_is_affected(vmatrix:vmatrix, version:version))\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:eos_report_get());\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'Arista Networks EOS', version);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-22T15:22:58", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es) :\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212)\n\n* codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)\n\n* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss EAP (RHSA-2019:2935)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10184", "CVE-2019-10202", "CVE-2019-10212", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc", "p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf", "p-cpe:/a:redhat:enterprise_linux:eap7-hal-console", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jaxrs-api_2.1_spec", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logging", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling-river", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-msc", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jgroups", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework", "p-cpe:/a:redhat:enterprise_linux:eap7-netty", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-all", "p-cpe:/a:redhat:enterprise_linux:eap7-picketbox", "p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-web", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-2935.NASL", "href": "https://www.tenable.com/plugins/nessus/129516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2935. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129516);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-10184\", \"CVE-2019-10202\", \"CVE-2019-10212\", \"CVE-2019-12086\", \"CVE-2019-12384\", \"CVE-2019-12814\", \"CVE-2019-14379\");\n script_xref(name:\"RHSA\", value:\"2019:2935\");\n\n script_name(english:\"RHEL 6 : JBoss EAP (RHSA-2019:2935)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.4\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 7.2.3, and includes bug fixes and enhancements. See the Red\nHat JBoss Enterprise Application Platform 7.2.4 Release Notes for\ninformation about the most significant bug fixes and enhancements\nincluded in this release.\n\nSecurity Fix(es) :\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* jackson-databind: failure to block the logback-core class from\npolymorphic deserialization leading to remote code execution\n(CVE-2019-12384)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message\n(CVE-2019-12814)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled\nleaks credentials to log files (CVE-2019-10212)\n\n* codehaus: incomplete fix for unsafe deserialization in\njackson-databind vulnerabilities (CVE-2019-10202)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server (CVE-2019-12086)\n\n* undertow: Information leak in requests for directories without\ntrailing slashes (CVE-2019-10184)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14379\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jaxrs-api_2.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling-river\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-msc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2935\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"eap7-jboss\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-cli-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-commons-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-core-client-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-dto-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-hornetq-protocol-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-hqclient-protocol-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-jdbc-store-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-jms-client-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-jms-server-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-journal-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-ra-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-selector-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-server-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-service-extensions-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-activemq-artemis-tools-2.9.0-1.redhat_00005.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-codehaus-jackson-1.9.13-9.redhat_00006.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-codehaus-jackson-core-asl-1.9.13-9.redhat_00006.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-codehaus-jackson-jaxrs-1.9.13-9.redhat_00006.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-codehaus-jackson-mapper-asl-1.9.13-9.redhat_00006.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-codehaus-jackson-xc-1.9.13-9.redhat_00006.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-glassfish-jsf-2.3.5-4.SP3_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-hal-console-3.0.16-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-hibernate-5.3.11-2.SP1_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-hibernate-core-5.3.11-2.SP1_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-hibernate-entitymanager-5.3.11-2.SP1_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-hibernate-envers-5.3.11-2.SP1_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-hibernate-java8-5.3.11-2.SP1_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-cachestore-jdbc-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-cachestore-remote-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-client-hotrod-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-commons-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-core-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-hibernate-cache-commons-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-hibernate-cache-spi-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-infinispan-hibernate-cache-v53-9.3.7-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-common-api-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-common-impl-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-common-spi-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-core-api-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-core-impl-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-deployers-common-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-jdbc-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-ironjacamar-validator-1.4.17-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-annotations-2.9.9-1.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-core-2.9.9-1.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-databind-2.9.9.3-1.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-datatype-jdk8-2.9.9-1.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-datatype-jsr310-2.9.9-1.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-jaxrs-base-2.9.9-2.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-jaxrs-json-provider-2.9.9-2.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-module-jaxb-annotations-2.9.9-1.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-modules-base-2.9.9-1.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jackson-modules-java8-2.9.9-1.redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-ejb-client-4.0.23-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-jaxrs-api_2.1_spec-1.0.3-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-logging-3.3.3-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-logmanager-2.1.14-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-marshalling-2.0.9-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-marshalling-river-2.0.9-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-msc-1.4.8-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-remoting-5.0.14-1.SP1_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-cli-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-core-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-eap6.4-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-eap7.0-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-eap7.1-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly10.0-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly10.1-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly11.0-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly12.0-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly13.0-server-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly14.0-server-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly8.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly9.0-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jboss-xnio-base-3.7.3-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-jgroups-4.0.20-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-compensations-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-jbosstxbridge-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-jbossxts-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-jts-idlj-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-jts-integration-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-restat-api-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-restat-bridge-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-restat-integration-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-restat-util-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-narayana-txframework-5.9.6-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-netty-4.1.34-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-netty-all-4.1.34-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketbox-5.0.3-5.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketbox-infinispan-5.0.3-5.Final_redhat_00004.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-api-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-common-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-config-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-federation-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-impl-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00007.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-undertow-2.0.25-1.SP1_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-weld-core-3.0.6-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-weld-core-impl-3.0.6-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-weld-core-jsf-3.0.6-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-weld-ejb-3.0.6-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-weld-jta-3.0.6-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-weld-probe-core-3.0.6-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-weld-web-3.0.6-2.Final_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-wildfly-7.2.4-1.GA_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-wildfly-elytron-1.6.4-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-wildfly-elytron-tool-1.4.3-1.Final_redhat_00001.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-wildfly-javadocs-7.2.4-1.GA_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-wildfly-modules-7.2.4-1.GA_redhat_00002.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"eap7-wildfly-transaction-client-1.1.6-2.Final_redhat_00001.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"eap7-activemq-artemis / eap7-activemq-artemis-cli / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-22T15:24:19", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es) :\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212)\n\n* codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)\n\n* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "RHEL 8 : JBoss EAP (RHSA-2019:2937)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10184", "CVE-2019-10202", "CVE-2019-10212", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc", "p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf", "p-cpe:/a:redhat:enterprise_linux:eap7-hal-console", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jaxrs-api_2.1_spec", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logging", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling-river", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-msc", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jgroups", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework", "p-cpe:/a:redhat:enterprise_linux:eap7-netty", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-all", "p-cpe:/a:redhat:enterprise_linux:eap7-picketbox", "p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-web", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-2937.NASL", "href": "https://www.tenable.com/plugins/nessus/129518", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2937. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129518);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-10184\", \"CVE-2019-10202\", \"CVE-2019-10212\", \"CVE-2019-12086\", \"CVE-2019-12384\", \"CVE-2019-12814\", \"CVE-2019-14379\");\n script_xref(name:\"RHSA\", value:\"2019:2937\");\n\n script_name(english:\"RHEL 8 : JBoss EAP (RHSA-2019:2937)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.4\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 7.2.3, and includes bug fixes and enhancements. See the Red\nHat JBoss Enterprise Application Platform 7.2.4 Release Notes for\ninformation about the most significant bug fixes and enhancements\nincluded in this release.\n\nSecurity Fix(es) :\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* jackson-databind: failure to block the logback-core class from\npolymorphic deserialization leading to remote code execution\n(CVE-2019-12384)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message\n(CVE-2019-12814)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled\nleaks credentials to log files (CVE-2019-10212)\n\n* codehaus: incomplete fix for unsafe deserialization in\njackson-databind vulnerabilities (CVE-2019-10202)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server (CVE-2019-12086)\n\n* undertow: Information leak in requests for directories without\ntrailing slashes (CVE-2019-10184)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14379\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jaxrs-api_2.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling-river\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-msc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2937\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL8\", rpm:\"eap7-jboss\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-cli-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-commons-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-core-client-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-dto-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-hornetq-protocol-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-hqclient-protocol-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-jdbc-store-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-jms-client-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-jms-server-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-journal-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-ra-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-selector-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-server-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-service-extensions-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-activemq-artemis-tools-2.9.0-1.redhat_00005.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-codehaus-jackson-1.9.13-9.redhat_00006.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-codehaus-jackson-core-asl-1.9.13-9.redhat_00006.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-codehaus-jackson-jaxrs-1.9.13-9.redhat_00006.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-codehaus-jackson-mapper-asl-1.9.13-9.redhat_00006.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-codehaus-jackson-xc-1.9.13-9.redhat_00006.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-glassfish-jsf-2.3.5-4.SP3_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-hal-console-3.0.16-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-hibernate-5.3.11-2.SP1_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-hibernate-core-5.3.11-2.SP1_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-hibernate-entitymanager-5.3.11-2.SP1_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-hibernate-envers-5.3.11-2.SP1_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-hibernate-java8-5.3.11-2.SP1_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-cachestore-jdbc-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-cachestore-remote-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-client-hotrod-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-commons-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-core-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-hibernate-cache-commons-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-hibernate-cache-spi-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-infinispan-hibernate-cache-v53-9.3.7-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-common-api-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-common-impl-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-common-spi-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-core-api-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-core-impl-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-deployers-common-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-jdbc-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-ironjacamar-validator-1.4.17-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-annotations-2.9.9-1.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-core-2.9.9-1.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-databind-2.9.9.3-1.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-datatype-jdk8-2.9.9-1.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-datatype-jsr310-2.9.9-1.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-jaxrs-base-2.9.9-2.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-jaxrs-json-provider-2.9.9-2.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-module-jaxb-annotations-2.9.9-1.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-modules-base-2.9.9-1.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jackson-modules-java8-2.9.9-1.redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-ejb-client-4.0.23-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-jaxrs-api_2.1_spec-1.0.3-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-logging-3.3.3-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-logmanager-2.1.14-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-marshalling-2.0.9-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-marshalling-river-2.0.9-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-msc-1.4.8-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-remoting-5.0.14-1.SP1_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-cli-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-core-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-eap6.4-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-eap7.0-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-eap7.1-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly10.0-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly10.1-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly11.0-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly12.0-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly13.0-server-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly14.0-server-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly8.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly9.0-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jboss-xnio-base-3.7.3-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-jgroups-4.0.20-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-compensations-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-jbosstxbridge-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-jbossxts-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-jts-idlj-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-jts-integration-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-restat-api-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-restat-bridge-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-restat-integration-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-restat-util-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-narayana-txframework-5.9.6-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-netty-4.1.34-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-netty-all-4.1.34-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketbox-5.0.3-5.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketbox-infinispan-5.0.3-5.Final_redhat_00004.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-api-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-common-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-config-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-federation-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-impl-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00007.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-undertow-2.0.25-1.SP1_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-weld-core-3.0.6-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-weld-core-impl-3.0.6-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-weld-core-jsf-3.0.6-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-weld-ejb-3.0.6-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-weld-jta-3.0.6-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-weld-probe-core-3.0.6-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-weld-web-3.0.6-2.Final_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-wildfly-7.2.4-1.GA_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-wildfly-elytron-1.6.4-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-wildfly-elytron-tool-1.4.3-1.Final_redhat_00001.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-wildfly-javadocs-7.2.4-1.GA_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-wildfly-modules-7.2.4-1.GA_redhat_00002.1.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"eap7-wildfly-transaction-client-1.1.6-2.Final_redhat_00001.1.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"eap7-activemq-artemis / eap7-activemq-artemis-cli / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-22T15:24:20", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es) :\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212)\n\n* codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202)\n\n* jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)\n\n* undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "RHEL 7 : JBoss EAP (RHSA-2019:2936)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10184", "CVE-2019-10202", "CVE-2019-10212", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl", "p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc", "p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf", "p-cpe:/a:redhat:enterprise_linux:eap7-hal-console", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers", "p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jaxrs-api_2.1_spec", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logging", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling-river", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-msc", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2", "p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base", "p-cpe:/a:redhat:enterprise_linux:eap7-jgroups", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util", "p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework", "p-cpe:/a:redhat:enterprise_linux:eap7-netty", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-all", "p-cpe:/a:redhat:enterprise_linux:eap7-picketbox", "p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core", "p-cpe:/a:redhat:enterprise_linux:eap7-weld-web", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2936.NASL", "href": "https://www.tenable.com/plugins/nessus/129517", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2936. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129517);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-10184\", \"CVE-2019-10202\", \"CVE-2019-10212\", \"CVE-2019-12086\", \"CVE-2019-12384\", \"CVE-2019-12814\", \"CVE-2019-14379\");\n script_xref(name:\"RHSA\", value:\"2019:2936\");\n\n script_name(english:\"RHEL 7 : JBoss EAP (RHSA-2019:2936)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.4\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 7.2.3, and includes bug fixes and enhancements. See the Red\nHat JBoss Enterprise Application Platform 7.2.4 Release Notes for\ninformation about the most significant bug fixes and enhancements\nincluded in this release.\n\nSecurity Fix(es) :\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* jackson-databind: failure to block the logback-core class from\npolymorphic deserialization leading to remote code execution\n(CVE-2019-12384)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message\n(CVE-2019-12814)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled\nleaks credentials to log files (CVE-2019-10212)\n\n* codehaus: incomplete fix for unsafe deserialization in\njackson-databind vulnerabilities (CVE-2019-10202)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server (CVE-2019-12086)\n\n* undertow: Information leak in requests for directories without\ntrailing slashes (CVE-2019-10184)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14379\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jaxrs-api_2.1_spec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling-river\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-msc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-weld-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2936\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"eap7-jboss\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-cli-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-commons-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-core-client-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-dto-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-hornetq-protocol-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-hqclient-protocol-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-jdbc-store-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-jms-client-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-jms-server-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-journal-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-ra-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-selector-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-server-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-service-extensions-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-activemq-artemis-tools-2.9.0-1.redhat_00005.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-codehaus-jackson-1.9.13-9.redhat_00006.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-codehaus-jackson-core-asl-1.9.13-9.redhat_00006.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-codehaus-jackson-jaxrs-1.9.13-9.redhat_00006.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-codehaus-jackson-mapper-asl-1.9.13-9.redhat_00006.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-codehaus-jackson-xc-1.9.13-9.redhat_00006.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-glassfish-jsf-2.3.5-4.SP3_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-hal-console-3.0.16-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-hibernate-5.3.11-2.SP1_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-hibernate-core-5.3.11-2.SP1_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-hibernate-entitymanager-5.3.11-2.SP1_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-hibernate-envers-5.3.11-2.SP1_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-hibernate-java8-5.3.11-2.SP1_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-cachestore-jdbc-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-cachestore-remote-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-client-hotrod-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-commons-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-core-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-hibernate-cache-commons-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-hibernate-cache-spi-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-infinispan-hibernate-cache-v53-9.3.7-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-common-api-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-common-impl-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-common-spi-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-core-api-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-core-impl-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-deployers-common-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-jdbc-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-ironjacamar-validator-1.4.17-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-annotations-2.9.9-1.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-core-2.9.9-1.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-databind-2.9.9.3-1.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-datatype-jdk8-2.9.9-1.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-datatype-jsr310-2.9.9-1.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-jaxrs-base-2.9.9-2.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-jaxrs-json-provider-2.9.9-2.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-module-jaxb-annotations-2.9.9-1.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-modules-base-2.9.9-1.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jackson-modules-java8-2.9.9-1.redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-ejb-client-4.0.23-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-jaxrs-api_2.1_spec-1.0.3-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-logging-3.3.3-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-logmanager-2.1.14-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-marshalling-2.0.9-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-marshalling-river-2.0.9-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-msc-1.4.8-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-remoting-5.0.14-1.SP1_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-cli-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-core-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-eap6.4-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-eap7.0-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-eap7.1-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly10.0-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly10.1-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly11.0-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly12.0-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly13.0-server-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly14.0-server-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly8.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly9.0-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jboss-xnio-base-3.7.3-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-jgroups-4.0.20-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-compensations-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-jbosstxbridge-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-jbossxts-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-jts-idlj-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-jts-integration-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-restat-api-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-restat-bridge-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-restat-integration-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-restat-util-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-narayana-txframework-5.9.6-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-netty-4.1.34-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-netty-all-4.1.34-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketbox-5.0.3-5.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketbox-infinispan-5.0.3-5.Final_redhat_00004.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-api-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-common-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-config-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-federation-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-impl-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00007.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-undertow-2.0.25-1.SP1_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-weld-core-3.0.6-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-weld-core-impl-3.0.6-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-weld-core-jsf-3.0.6-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-weld-ejb-3.0.6-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-weld-jta-3.0.6-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-weld-probe-core-3.0.6-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-weld-web-3.0.6-2.Final_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-wildfly-7.2.4-1.GA_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-wildfly-elytron-1.6.4-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-wildfly-elytron-tool-1.4.3-1.Final_redhat_00001.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-wildfly-java-jdk11-7.2.4-1.GA_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-wildfly-java-jdk8-7.2.4-1.GA_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-wildfly-javadocs-7.2.4-1.GA_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-wildfly-modules-7.2.4-1.GA_redhat_00002.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"eap7-wildfly-transaction-client-1.1.6-2.Final_redhat_00001.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"eap7-activemq-artemis / eap7-activemq-artemis-cli / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-23T14:30:27", "description": "Several vulnerabilities were discovered in jetty, a Java servlet engine and webserver. An attacker may reveal cryptographic credentials such as passwords to a local user, disclose installation paths, hijack user sessions or tamper with collocated webapps.\n\nCVE-2017-9735\n\nJetty is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.\n\nCVE-2018-12536\n\nOn webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.\n\nCVE-2019-10241\n\nThe server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.\n\nCVE-2019-10247\n\nThe server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.\n\nCVE-2020-27216\n\nOn Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.\n\nThis update also includes several other bug fixes and improvements.\nFor more information please refer to the upstream changelog file.\n\nFor Debian 9 stretch, these problems have been fixed in version 9.2.30-0+deb9u1.\n\nWe recommend that you upgrade your jetty9 packages.\n\nFor the detailed security status of jetty9 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/jetty9\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-17T00:00:00", "type": "nessus", "title": "Debian DLA-2661-1 : jetty9 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9735", "CVE-2018-12536", "CVE-2019-10241", "CVE-2019-10247", "CVE-2020-27216"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:jetty9", "p-cpe:/a:debian:debian_linux:libjetty9-extra-java", "p-cpe:/a:debian:debian_linux:libjetty9-java", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2661.NASL", "href": "https://www.tenable.com/plugins/nessus/149518", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2661-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149518);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2017-9735\", \"CVE-2018-12536\", \"CVE-2019-10241\", \"CVE-2019-10247\", \"CVE-2020-27216\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Debian DLA-2661-1 : jetty9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in jetty, a Java servlet\nengine and webserver. An attacker may reveal cryptographic credentials\nsuch as passwords to a local user, disclose installation paths, hijack\nuser sessions or tamper with collocated webapps.\n\nCVE-2017-9735\n\nJetty is prone to a timing channel in util/security/Password.java,\nwhich makes it easier for remote attackers to obtain access by\nobserving elapsed times before rejection of incorrect passwords.\n\nCVE-2018-12536\n\nOn webapps deployed using default Error Handling, when an\nintentionally bad query arrives that doesn't match a dynamic\nurl-pattern, and is eventually handled by the DefaultServlet's static\nfile serving, the bad characters can trigger a\njava.nio.file.InvalidPathException which includes the full path to the\nbase resource directory that the DefaultServlet and/or webapp is\nusing. If this InvalidPathException is then handled by the default\nError Handler, the InvalidPathException message is included in the\nerror response, revealing the full server path to the requesting\nsystem.\n\nCVE-2019-10241\n\nThe server is vulnerable to XSS conditions if a remote client USES a\nspecially formatted URL against the DefaultServlet or ResourceHandler\nthat is configured for showing a Listing of directory contents.\n\nCVE-2019-10247\n\nThe server running on any OS and Jetty version combination will reveal\nthe configured fully qualified directory base resource location on the\noutput of the 404 error for not finding a Context that matches the\nrequested path. The default server behavior on jetty-distribution and\njetty-home will include at the end of the Handler tree a\nDefaultHandler, which is responsible for reporting this 404 error, it\npresents the various configured contexts as HTML for users to click\nthrough to. This produced HTML includes output that contains the\nconfigured fully qualified directory base resource location for each\ncontext.\n\nCVE-2020-27216\n\nOn Unix like systems, the system's temporary directory is shared\nbetween all users on that system. A collocated user can observe the\nprocess of creating a temporary sub directory in the shared temporary\ndirectory and race to complete the creation of the temporary\nsubdirectory. If the attacker wins the race then they will have read\nand write permission to the subdirectory used to unpack web\napplications, including their WEB-INF/lib jar files and JSP files. If\nany code is ever executed out of this temporary directory, this can\nlead to a local privilege escalation vulnerability.\n\nThis update also includes several other bug fixes and improvements.\nFor more information please refer to the upstream changelog file.\n\nFor Debian 9 stretch, these problems have been fixed in version\n9.2.30-0+deb9u1.\n\nWe recommend that you upgrade your jetty9 packages.\n\nFor the detailed security status of jetty9 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/jetty9\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/jetty9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/jetty9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10247\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jetty9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjetty9-extra-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjetty9-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"jetty9\", reference:\"9.2.30-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libjetty9-extra-java\", reference:\"9.2.30-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libjetty9-java\", reference:\"9.2.30-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:28:05", "description": "An update for the nginx:1.14 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage.\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-20T00:00:00", "type": "nessus", "title": "RHEL 8 : nginx:1.14 (RHSA-2019:2799) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:nginx", "p-cpe:/a:redhat:enterprise_linux:nginx-all-modules", "p-cpe:/a:redhat:enterprise_linux:nginx-debugsource", "p-cpe:/a:redhat:enterprise_linux:nginx-filesystem", "p-cpe:/a:redhat:enterprise_linux:nginx-mod-http-image-filter", "p-cpe:/a:redhat:enterprise_linux:nginx-mod-http-perl", "p-cpe:/a:redhat:enterprise_linux:nginx-mod-http-xslt-filter", "p-cpe:/a:redhat:enterprise_linux:nginx-mod-mail", "p-cpe:/a:redhat:enterprise_linux:nginx-mod-stream", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-2799.NASL", "href": "https://www.tenable.com/plugins/nessus/129089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2799. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129089);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_xref(name:\"RHSA\", value:\"2019:2799\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 8 : nginx:1.14 (RHSA-2019:2799) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for the nginx:1.14 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3\n(Post Office Protocol 3) and IMAP protocols, with a focus on high\nconcurrency, performance and low memory usage.\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9516\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9517\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx-all-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx-mod-http-image-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx-mod-http-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx-mod-http-xslt-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx-mod-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nginx-mod-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/nginx');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nginx:1.14');\nif ('1.14' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nginx:' + module_ver);\n\nappstreams = {\n 'nginx:1.14': [\n {'reference':'nginx-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-all-modules-1.14.1-9.module+el8.0.0+4108+af250afe', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-debugsource-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-debugsource-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-debugsource-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-filesystem-1.14.1-9.module+el8.0.0+4108+af250afe', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-image-filter-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-image-filter-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-image-filter-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-perl-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-perl-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-perl-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-xslt-filter-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-xslt-filter-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-http-xslt-filter-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-mail-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-mail-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-mail-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-stream-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-stream-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nginx-mod-stream-1.14.1-9.module+el8.0.0+4108+af250afe', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nginx:1.14');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nginx / nginx-all-modules / nginx-debugsource / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-03T15:28:15", "description": "An update is now available for JBoss Core Services on RHEL 6 and RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked in the References section.\n\nSecurity Fix(es) :\n\n* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\n* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nBug Fix(es) :\n\n* nghttp2: Rebase to 1.39.2\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 (RHSA-2019:2946) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2946.NASL", "href": "https://www.tenable.com/plugins/nessus/129520", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2946. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129520);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9513\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2946\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 (RHSA-2019:2946) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for JBoss Core Services on RHEL 6 and RHEL\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red\nHat JBoss middleware products. This software, such as Apache HTTP\nServer, is common to multiple JBoss middleware products, and is\npackaged under Red Hat JBoss Core Services to allow for faster\ndistribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29\nService Pack 3 serves as an update to Red Hat JBoss Core Services\nApache HTTP Server 2.4.29, and includes bug fixes for CVEs which are\nlinked in the References section.\n\nSecurity Fix(es) :\n\n* mod_http2: HTTP/2: 0-length headers leads to denial of service\n(CVE-2019-9516)\n\n* mod_http2: HTTP/2: request for large response leads to denial of\nservice (CVE-2019-9517)\n\nBug Fix(es) :\n\n* nghttp2: Rebase to 1.39.2\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9517\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2946\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-devel-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-httpd-manual-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-selinux-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-tools-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ldap-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_session-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ssl-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.29-41.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-1.39.2-1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-1.39.2-1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.39.2-1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.39.2-1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-devel-1.39.2-1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-devel-1.39.2-1.jbcs.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-httpd-manual-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.29-41.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-1.39.2-1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.39.2-1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-devel-1.39.2-1.jbcs.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-httpd / jbcs-httpd24-httpd-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-23T14:31:22", "description": "Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.4.2-2+deb8u8.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "Debian DLA-1879-1 : jackson-databind security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14379", "CVE-2019-14439"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libjackson2-databind-java", "p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1879.NASL", "href": "https://www.tenable.com/plugins/nessus/127821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1879-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127821);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-14379\", \"CVE-2019-14439\");\n\n script_name(english:\"Debian DLA-1879-1 : jackson-databind security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Deserialization flaws were discovered in jackson-databind relating to\nEHCache and logback/jndi, which could allow an unauthenticated user to\nperform remote code execution. The issue was resolved by extending the\nblacklist and blocking more classes from polymorphic deserialization.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.4.2-2+deb8u8.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/jackson-databind\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjackson2-databind-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libjackson2-databind-java\", reference:\"2.4.2-2+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libjackson2-databind-java-doc\", reference:\"2.4.2-2+deb8u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:18:05", "description": "More Polymorphic Typing issues were discovered in jackson-databind.\nWhen Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x or logback-core jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.4.2-2+deb8u7.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-24T00:00:00", "type": "nessus", "title": "Debian DLA-1831-1 : jackson-databind security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12384", "CVE-2019-12814"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libjackson2-databind-java", "p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1831.NASL", "href": "https://www.tenable.com/plugins/nessus/126126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1831-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126126);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-12384\", \"CVE-2019-12814\");\n\n script_name(english:\"Debian DLA-1831-1 : jackson-databind security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"More Polymorphic Typing issues were discovered in jackson-databind.\nWhen Default Typing is enabled (either globally or for a specific\nproperty) for an externally exposed JSON endpoint and the service has\nJDOM 1.x or 2.x or logback-core jar in the classpath, an attacker can\nsend a specifically crafted JSON message that allows them to read\narbitrary local files on the server.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.4.2-2+deb8u7.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/jackson-databind\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjackson2-databind-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libjackson2-databind-java\", reference:\"2.4.2-2+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libjackson2-databind-java-doc\", reference:\"2.4.2-2+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:44:35", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has containerd.io packages installed that are affected by multiple vulnerabilities:\n\n - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. (CVE-2019-16884)\n\n - runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.\n (CVE-2019-5736)\n\n - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\n (CVE-2019-9512)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.\n The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\n - Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9515)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : containerd.io Multiple Vulnerabilities (NS-SA-2021-0006)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16884", "CVE-2019-5736", "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0006_CONTAINERD_IO.NASL", "href": "https://www.tenable.com/plugins/nessus/147293", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0006. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147293);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-5736\",\n \"CVE-2019-9512\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-16884\"\n );\n script_bugtraq_id(106976);\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : containerd.io Multiple Vulnerabilities (NS-SA-2021-0006)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has containerd.io packages installed that are\naffected by multiple vulnerabilities:\n\n - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor\n restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a\n malicious Docker image can mount over a /proc directory. (CVE-2019-16884)\n\n - runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite\n the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a\n command as root within one of these types of containers: (1) a new container with an attacker-controlled\n image, or (2) an existing container, to which the attacker previously had write access, that can be\n attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.\n (CVE-2019-5736)\n\n - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The\n attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of\n responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\n (CVE-2019-9512)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.\n The attacker opens a number of streams and sends an invalid request over each stream that should solicit a\n stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this\n can consume excess memory, CPU, or both. (CVE-2019-9514)\n\n - Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of\n service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer\n reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in\n behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory,\n or both. (CVE-2019-9515)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0006\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL containerd.io packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5736\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Docker Container Escape Via runC Overwrite');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'containerd.io-1.2.13-1.el7.200814164614git76a9926'\n ],\n 'CGSL MAIN 5.04': [\n 'containerd.io-1.2.13-1.el7.200814164614git76a9926'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd.io');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:08:17", "description": "The version of Kubernetes installed on the remote host is a version prior to 1.13.10, or 1.14.x prior to 1.14.6, or 1.15.x prior to 1.15.3. It is, therefore, affected by the following denial of service vulnerabilities :\n\n - A denial of service (DoS) vulnerability exists in HTTP/2 due to some HTTP/2 implementations inefficiently handling a large queue of ping responses. An unauthenticated, remote attacker can exploit this issue, via continual ping requests, to cause the system to stop responding. (CVE-2019-9512) \n - A denial of service (DoS) vulnerability exists in HTTP/2 due to some HTTP/2 implementations inefficiently handling a queue of RST_STREAM frames. An unauthenticated, remote attacker can exploit this issue, by opening a number of streams and sending an invalid request over each stream, to cause the system to stop responding. (CVE-2019-9514)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-31T00:00:00", "type": "nessus", "title": "Kubernetes 1.13.x < 1.13.10 / 1.14.x < 1.14.6 / 1.15.x < 1.15.3 DoS", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:kubernetes:kubernetes", "cpe:/a:google:kubernetes"], "id": "KUBERNETES_1_15_3.NASL", "href": "https://www.tenable.com/plugins/nessus/135030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135030);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Kubernetes 1.13.x < 1.13.10 / 1.14.x < 1.14.6 / 1.15.x < 1.15.3 DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Kubernetes installed on the remote host is a version prior to 1.13.10, or 1.14.x prior to 1.14.6, or\n1.15.x prior to 1.15.3. It is, therefore, affected by the following denial of service vulnerabilities :\n\n - A denial of service (DoS) vulnerability exists in HTTP/2 due to some HTTP/2 implementations inefficiently\n handling a large queue of ping responses. An unauthenticated, remote attacker can exploit this issue, via\n continual ping requests, to cause the system to stop responding. (CVE-2019-9512)\n \n - A denial of service (DoS) vulnerability exists in HTTP/2 due to some HTTP/2 implementations inefficiently\n handling a queue of RST_STREAM frames. An unauthenticated, remote attacker can exploit this issue, by\n opening a number of streams and sending an invalid request over each stream, to cause the system to stop\n responding. (CVE-2019-9514)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's\nself-reported version number.\");\n # https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e8a25528\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Kubernetes 1.13.10, 1.14.6, 1.15.3 or later, please refer to the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9512\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:kubernetes:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:kubernetes\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kube_detect.nbin\");\n script_require_keys(\"installed_sw/Kubernetes\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_name = 'Kubernetes';\napp_info = vcf::get_app_info(app:app_name);\n\nvcf::check_all_backporting(app_info:app_info);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '1.13.0', 'fixed_version' : '1.13.10' },\n { 'min_version' : '1.14.0', 'fixed_version' : '1.14.6' },\n { 'min_version' : '1.15.0', 'fixed_version' : '1.15.3' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:33:37", "description": "An update is now available for Red Hat OpenShift Container Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThe following RPM packages have been rebuilt with updated version of Go, which includes the security fixes listed further below :\n\natomic-enterprise-service-catalog atomic-openshift-cluster-autoscaler atomic-openshift-descheduler atomic-openshift-metrics-server atomic-openshift-node-problem-detector atomic-openshift-service-idler atomic-openshift-web-console cockpit csi-attacher csi-driver-registrar csi-livenessprobe csi-provisioner golang-github-openshift-oauth-proxy golang-github-openshift-prometheus-alert-buffer golang-github-prometheus-alertmanager golang-github-prometheus-node_exporter golang-github-prometheus-prometheus hawkular-openshift-agent heapster image-inspector openshift-enterprise-autoheal openshift-enterprise-cluster-capacity openshift-eventrouter openshift-external-storage\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-20T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.11 HTTP/2 (RHSA-2019:3906) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog", "p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-autoscaler", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-descheduler", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-metrics-server", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node-problem-detector", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-idler", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-web-console", "p-cpe:/a:redhat:enterprise_linux:cockpit-debuginfo", "p-cpe:/a:redhat:enterprise_linux:cockpit-kubernetes", "p-cpe:/a:redhat:enterprise_linux:csi-attacher", "p-cpe:/a:redhat:enterprise_linux:csi-attacher-debuginfo", "p-cpe:/a:redhat:enterprise_linux:csi-driver-registrar", "p-cpe:/a:redhat:enterprise_linux:csi-driver-registrar-debuginfo", "p-cpe:/a:redhat:enterprise_linux:csi-livenessprobe", "p-cpe:/a:redhat:enterprise_linux:csi-livenessprobe-debuginfo", "p-cpe:/a:redhat:enterprise_linux:csi-provisioner", "p-cpe:/a:redhat:enterprise_linux:csi-provisioner-debuginfo", "p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-oauth-proxy", "p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-prometheus-alert-buffer", "p-cpe:/a:redhat:enterprise_linux:hawkular-openshift-agent", "p-cpe:/a:redhat:enterprise_linux:heapster", "p-cpe:/a:redhat:enterprise_linux:image-inspector", "p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-autoheal", "p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-cluster-capacity", "p-cpe:/a:redhat:enterprise_linux:openshift-eventrouter", "p-cpe:/a:redhat:enterprise_linux:openshift-eventrouter-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-cephfs-provisioner", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-efs-provisioner", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-local-provisioner", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-manila-provisioner", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-controller", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-provisioner", "p-cpe:/a:redhat:enterprise_linux:prometheus", "p-cpe:/a:redhat:enterprise_linux:prometheus-alertmanager", "p-cpe:/a:redhat:enterprise_linux:prometheus-node-exporter", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3906.NASL", "href": "https://www.tenable.com/plugins/nessus/131154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3906. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131154);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:3906\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11 HTTP/2 (RHSA-2019:3906) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for Red Hat OpenShift Container Platform\n3.11.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThe following RPM packages have been rebuilt with updated version of\nGo, which includes the security fixes listed further below :\n\natomic-enterprise-service-catalog atomic-openshift-cluster-autoscaler\natomic-openshift-descheduler atomic-openshift-metrics-server\natomic-openshift-node-problem-detector atomic-openshift-service-idler\natomic-openshift-web-console cockpit csi-attacher csi-driver-registrar\ncsi-livenessprobe csi-provisioner golang-github-openshift-oauth-proxy\ngolang-github-openshift-prometheus-alert-buffer\ngolang-github-prometheus-alertmanager\ngolang-github-prometheus-node_exporter\ngolang-github-prometheus-prometheus hawkular-openshift-agent heapster\nimage-inspector openshift-enterprise-autoheal\nopenshift-enterprise-cluster-capacity openshift-eventrouter\nopenshift-external-storage\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-autoscaler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-descheduler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-metrics-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node-problem-detector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-idler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-web-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cockpit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cockpit-kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:csi-attacher\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:csi-attacher-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:csi-driver-registrar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:csi-driver-registrar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:csi-livenessprobe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:csi-livenessprobe-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:csi-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:csi-provisioner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-oauth-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-prometheus-alert-buffer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hawkular-openshift-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:heapster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:image-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-autoheal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-cluster-capacity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-eventrouter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-eventrouter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-cephfs-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-efs-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-local-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-manila-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus-alertmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus-node-exporter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3906\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-enterprise-service-catalog-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-enterprise-service-catalog-3.11.154-1.git.1.fa68ced.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-enterprise-service-catalog-svcat-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-enterprise-service-catalog-svcat-3.11.154-1.git.1.fa68ced.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-cluster-autoscaler-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-cluster-autoscaler-3.11.154-1.git.1.532da7a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-descheduler-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-descheduler-3.11.154-1.git.1.1d31032.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-metrics-server-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-metrics-server-3.11.154-1.git.1.6a6b6ce.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-problem-detector-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-problem-detector-3.11.154-1.git.1.5e8e065.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-service-idler-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-service-idler-3.11.154-1.git.1.f80fb86.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-web-console-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-web-console-3.11.154-1.git.1.f54cb18.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cockpit-debuginfo-195-2.rhaos.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cockpit-kubernetes-195-2.rhaos.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"csi-attacher-0.2.0-4.git27299be.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"csi-attacher-debuginfo-0.2.0-4.git27299be.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"csi-driver-registrar-0.2.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"csi-driver-registrar-debuginfo-0.2.0-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"csi-livenessprobe-0.0.1-2.gitff5b6a0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"csi-livenessprobe-debuginfo-0.0.1-2.gitff5b6a0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"csi-provisioner-0.2.0-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"csi-provisioner-debuginfo-0.2.0-3.el7\")) flag++;\n if (rpm_exists(rpm:\"golang-github-openshift-oauth-proxy-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-github-openshift-oauth-proxy-3.11.154-1.git.1.220e3dc.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-github-openshift-prometheus-alert-buffer-0-3.gitceca8c1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"hawkular-openshift-agent-1.2.2-3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"heapster-1.3.0-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"image-inspector-2.4.0-4.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-enterprise-autoheal-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-enterprise-autoheal-3.11.154-1.git.1.13199be.el7\")) flag++;\n if (rpm_exists(rpm:\"openshift-enterprise-cluster-capacity-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-enterprise-cluster-capacity-3.11.154-1.git.1.5798c2c.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-eventrouter-0.2-4.git7c289cc.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-eventrouter-debuginfo-0.2-4.git7c289cc.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-cephfs-provisioner-0.0.2-9.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-debuginfo-0.0.2-9.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-efs-provisioner-0.0.2-9.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-local-provisioner-0.0.2-9.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-manila-provisioner-0.0.2-9.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-snapshot-controller-0.0.2-9.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-snapshot-provisioner-0.0.2-9.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"prometheus-3.11.154-1.git.1.148db48.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"prometheus-alertmanager-3.11.154-1.git.1.4acd2e6.el7\")) flag++;\n if (rpm_exists(rpm:\"prometheus-node-exporter-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"prometheus-node-exporter-3.11.154-1.git.1.bc9f224.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-enterprise-service-catalog / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:23:40", "description": "The traefik project reports :\n\nUpdate of dependency to go go1.12.8 resolves potential HTTP/2 denial of service in traefik.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "FreeBSD : traefik -- Denial of service in HTTP/2 (41f4baac-bf77-11e9-8d2f-5404a68ad561) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:traefik", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_41F4BAACBF7711E98D2F5404A68AD561.NASL", "href": "https://www.tenable.com/plugins/nessus/127947", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127947);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"FreeBSD : traefik -- Denial of service in HTTP/2 (41f4baac-bf77-11e9-8d2f-5404a68ad561) (Ping Flood) (Reset Flood)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The traefik project reports :\n\nUpdate of dependency to go go1.12.8 resolves potential HTTP/2 denial\nof service in traefik.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/containous/traefik/releases/tag/v1.7.14\"\n );\n # https://vuxml.freebsd.org/freebsd/41f4baac-bf77-11e9-8d2f-5404a68ad561.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d5b50cf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:traefik\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"traefik<1.7.14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:25:55", "description": "An update for the openshift and atomic-enterprise-service-catalog packages is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nBoth the openshift and atomic-enterprise-service-catalog packages have been rebuilt with updates versions of golang. The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : Red Hat OpenShift Container Platform 4.1 openshift RPM (RHSA-2019:2661) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog", "p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-2661.NASL", "href": "https://www.tenable.com/plugins/nessus/128657", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2661. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128657);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:2661\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 7 / 8 : Red Hat OpenShift Container Platform 4.1 openshift RPM (RHSA-2019:2661) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for the openshift and atomic-enterprise-service-catalog\npackages is now available for Red Hat OpenShift Container Platform\n4.1.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nBoth the openshift and atomic-enterprise-service-catalog packages have\nbeen rebuilt with updates versions of golang. The golang packages\nprovide the Go programming language compiler.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x / 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2661\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-enterprise-service-catalog-4.1.14-201908290858.git.1.28cc9ff.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-enterprise-service-catalog-svcat-4.1.14-201908290858.git.1.28cc9ff.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-clients-4.1.14-201908290858.git.0.3bd3467.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-clients-redistributable-4.1.14-201908290858.git.0.3bd3467.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-hyperkube-4.1.14-201908290858.git.0.3bd3467.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-clients-4.1.14-201908290858.git.0.3bd3467.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-clients-redistributable-4.1.14-201908290858.git.0.3bd3467.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-hyperkube-4.1.14-201908290858.git.0.3bd3467.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-enterprise-service-catalog / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:27:03", "description": "From Red Hat Security Advisory 2019:2726 :\n\nAn update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGo Toolset provides the Go programming language tools and libraries.\nGo is alternatively known as golang.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Failure trying to conntect to image registry using TLS when buildah is compiled with FIPS mode (BZ#1743169)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : go-toolset:ol8 (ELSA-2019-2726) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:go-toolset", "p-cpe:/a:oracle:linux:golang", "p-cpe:/a:oracle:linux:golang-bin", "p-cpe:/a:oracle:linux:golang-docs", "p-cpe:/a:oracle:linux:golang-misc", "p-cpe:/a:oracle:linux:golang-race", "p-cpe:/a:oracle:linux:golang-src", "p-cpe:/a:oracle:linux:golang-tests", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-2726.NASL", "href": "https://www.tenable.com/plugins/nessus/129036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2726 and \n# Oracle Linux Security Advisory ELSA-2019-2726 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129036);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:2726\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Oracle Linux 8 : go-toolset:ol8 (ELSA-2019-2726) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:2726 :\n\nAn update for the go-toolset:rhel8 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGo Toolset provides the Go programming language tools and libraries.\nGo is alternatively known as golang.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Failure trying to conntect to image registry using TLS when buildah\nis compiled with FIPS mode (BZ#1743169)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-September/009174.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected go-toolset:ol8 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"go-toolset-1.11.13-1.module+el8.0.1+5334+cadcb96c\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"golang-1.11.13-2.module+el8.0.1+5334+cadcb96c\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"golang-bin-1.11.13-2.module+el8.0.1+5334+cadcb96c\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"golang-docs-1.11.13-2.module+el8.0.1+5334+cadcb96c\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"golang-misc-1.11.13-2.module+el8.0.1+5334+cadcb96c\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"golang-race-1.11.13-2.module+el8.0.1+5334+cadcb96c\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"golang-src-1.11.13-2.module+el8.0.1+5334+cadcb96c\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"golang-tests-1.11.13-2.module+el8.0.1+5334+cadcb96c\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go-toolset / golang / golang-bin / golang-docs / golang-misc / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:29:33", "description": "An update is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the ansible-operator, apb, containernetworking-plugins, golang-github-openshift-prometheus-alert-buffer, golang-github-prometheus-promu and openshift-eventrouter RPM packages for Red Hat OpenShift Container Platform 4.1.21. These packages have been rebuilt with an updated version of Go to address the below security issues.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-31T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.1 (RHSA-2019:3265) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ansible-operator", "p-cpe:/a:redhat:enterprise_linux:ansible-operator-container-scripts", "p-cpe:/a:redhat:enterprise_linux:ansible-operator-devel", "p-cpe:/a:redhat:enterprise_linux:apb", "p-cpe:/a:redhat:enterprise_linux:apb-container-scripts", "p-cpe:/a:redhat:enterprise_linux:apb-devel", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debuginfo", "p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-prometheus-alert-buffer", "p-cpe:/a:redhat:enterprise_linux:golang-github-prometheus-promu", "p-cpe:/a:redhat:enterprise_linux:openshift-eventrouter", "p-cpe:/a:redhat:enterprise_linux:openshift-eventrouter-debuginfo", "p-cpe:/a:redhat:enterprise_linux:prometheus-promu", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3265.NASL", "href": "https://www.tenable.com/plugins/nessus/130418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3265. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130418);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:3265\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.1 (RHSA-2019:3265) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for Red Hat OpenShift Container Platform\n4.1.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the ansible-operator, apb,\ncontainernetworking-plugins,\ngolang-github-openshift-prometheus-alert-buffer,\ngolang-github-prometheus-promu and openshift-eventrouter RPM packages\nfor Red Hat OpenShift Container Platform 4.1.21. These packages have\nbeen rebuilt with an updated version of Go to address the below\nsecurity issues.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-operator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-operator-container-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-operator-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apb-container-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-prometheus-alert-buffer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-github-prometheus-promu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-eventrouter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-eventrouter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus-promu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3265\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ansible-operator-0.0.1-3.git.59.4beb3d2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ansible-operator-container-scripts-0.0.1-3.git.59.4beb3d2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ansible-operator-devel-0.0.1-3.git.59.4beb3d2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"apb-2.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"apb-container-scripts-2.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"apb-devel-2.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"containernetworking-plugins-0.8.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"containernetworking-plugins-debuginfo-0.8.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-github-openshift-prometheus-alert-buffer-0-3.gitceca8c1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-github-prometheus-promu-0-5.git85ceabc.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-eventrouter-0.2-3.gited73fb6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-eventrouter-debuginfo-0.2-3.gited73fb6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"prometheus-promu-0-5.git85ceabc.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible-operator / ansible-operator-container-scripts / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:29:31", "description": "An update for apb, containernetworking-plugins, and golang-github-prometheus-promu is now available for Red Hat OpenShift Container Platform 4.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThe following packages have been rebuilt with an updated version of golang: apb (2.0.3), containernetworking-plugins (0.8.1), and golang-github-prometheus-promu (0.5.0).\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-30T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.2 (RHSA-2019:3245) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apb", "p-cpe:/a:redhat:enterprise_linux:apb-container-scripts", "p-cpe:/a:redhat:enterprise_linux:apb-devel", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debuginfo", "p-cpe:/a:redhat:enterprise_linux:golang-github-prometheus-promu", "p-cpe:/a:redhat:enterprise_linux:prometheus-promu", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3245.NASL", "href": "https://www.tenable.com/plugins/nessus/130385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3245. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130385);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:3245\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.2 (RHSA-2019:3245) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for apb, containernetworking-plugins, and\ngolang-github-prometheus-promu is now available for Red Hat OpenShift\nContainer Platform 4.2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThe following packages have been rebuilt with an updated version of\ngolang: apb (2.0.3), containernetworking-plugins (0.8.1), and\ngolang-github-prometheus-promu (0.5.0).\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apb-container-scripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-github-prometheus-promu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus-promu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3245\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"apb-2.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"apb-container-scripts-2.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"apb-devel-2.0.3-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"containernetworking-plugins-0.8.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"containernetworking-plugins-debuginfo-0.8.1-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-github-prometheus-promu-0.5.0-2.git642a960.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"prometheus-promu-0.5.0-2.git642a960.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apb / apb-container-scripts / apb-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:05:17", "description": "From Red Hat Security Advisory 2019:4273 :\n\nAn update for the container-tools:1.0 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-06T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : container-tools:1.0 (ELSA-2019-4273) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:buildah", "p-cpe:/a:oracle:linux:container-selinux", "p-cpe:/a:oracle:linux:containernetworking-plugins", "p-cpe:/a:oracle:linux:containers-common", "p-cpe:/a:oracle:linux:fuse-overlayfs", "p-cpe:/a:oracle:linux:oci-systemd-hook", "p-cpe:/a:oracle:linux:oci-umount", "p-cpe:/a:oracle:linux:podman", "p-cpe:/a:oracle:linux:podman-docker", "p-cpe:/a:oracle:linux:runc", "p-cpe:/a:oracle:linux:skopeo", "p-cpe:/a:oracle:linux:slirp4netns", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-4273.NASL", "href": "https://www.tenable.com/plugins/nessus/132668", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:4273 and \n# Oracle Linux Security Advisory ELSA-2019-4273 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132668);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:4273\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Oracle Linux 8 : container-tools:1.0 (ELSA-2019-4273) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:4273 :\n\nAn update for the container-tools:1.0 module is now available for Red\nHat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe container-tools module contains tools for working with containers,\nnotably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2020-January/009495.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected container-tools:1.0 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor notes.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oci-systemd-hook\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oci-umount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:slirp4netns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"buildah-1.5-6.0.1.gite94b4f9.module+el8.1.0+5459+24f6812a\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"container-selinux-2.94-1.git1e99f1d.module+el8.1.0+5440+42cffa37\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+5459+24f6812a\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"containers-common-0.1.32-6.0.1.git1715c90.module+el8.1.0+5459+24f6812a\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"fuse-overlayfs-0.3-5.module+el8.1.0+5440+42cffa37\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+5440+42cffa37\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"oci-umount-2.3.4-2.git87f9237.module+el8.1.0+5440+42cffa37\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"podman-1.0.0-4.git921f98f.module+el8.1.0+5459+24f6812a\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"podman-docker-1.0.0-4.git921f98f.module+el8.1.0+5459+24f6812a\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+5459+24f6812a\", rc_precedence:TRUE)) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"skopeo-0.1.32-6.0.1.git1715c90.module+el8.1.0+5459+24f6812a\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+5440+42cffa37\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"buildah / container-selinux / containernetworking-plugins / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:30:31", "description": "An update is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the cri-o, cri-tools, faq, ignition, openshift-external-storage and pivot RPM packages, which have been rebuilt with an updated version of golang for Red Hat OpenShift Container Platform 4.1.20.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-17T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.1.20 golang (RHSA-2019:3131) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cri-o", "p-cpe:/a:redhat:enterprise_linux:cri-o-debuginfo", "p-cpe:/a:redhat:enterprise_linux:cri-tools", "p-cpe:/a:redhat:enterprise_linux:cri-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:faq", "p-cpe:/a:redhat:enterprise_linux:faq-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ignition", "p-cpe:/a:redhat:enterprise_linux:ignition-validate", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-cephfs-provisioner", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-efs-provisioner", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-local-provisioner", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-manila-provisioner", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-controller", "p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-provisioner", "p-cpe:/a:redhat:enterprise_linux:pivot", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3131.NASL", "href": "https://www.tenable.com/plugins/nessus/129995", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3131. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129995);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:3131\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.1.20 golang (RHSA-2019:3131) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for Red Hat OpenShift Container Platform\n4.1.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the cri-o, cri-tools, faq, ignition,\nopenshift-external-storage and pivot RPM packages, which have been\nrebuilt with an updated version of golang for Red Hat OpenShift\nContainer Platform 4.1.20.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cri-o\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cri-o-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cri-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cri-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:faq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:faq-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ignition\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ignition-validate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-cephfs-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-efs-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-local-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-manila-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-provisioner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pivot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x / 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3131\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"atomic-openshift-\") || rpm_exists(release:\"RHEL8\", rpm:\"atomic-openshift-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenShift\");\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cri-o-1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cri-o-debuginfo-1.13.11-0.10.dev.rhaos4.1.gitbdeb2ca.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cri-tools-1.13.0-2.rhaos4.1.gitc06001f.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cri-tools-debuginfo-1.13.0-2.rhaos4.1.gitc06001f.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"faq-0.0.6-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"faq-debuginfo-0.0.6-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-cephfs-provisioner-0.0.2-7.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-debuginfo-0.0.2-7.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-efs-provisioner-0.0.2-7.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-local-provisioner-0.0.2-7.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-manila-provisioner-0.0.2-7.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-snapshot-controller-0.0.2-7.gitd3c94f0.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-external-storage-snapshot-provisioner-0.0.2-7.gitd3c94f0.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"cri-o-1.13.11-0.13.dev.rhaos4.1.gitbdeb2ca.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"cri-tools-1.13.0-3.rhaos4.1.gitb69a0b9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"ignition-0.32.0-2.git5941fc0.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"ignition-validate-0.32.0-2.git5941fc0.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"pivot-0.0.5-2.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cri-o / cri-o-debuginfo / cri-tools / cri-tools-debuginfo / faq / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:27:32", "description": "An update for go-toolset-1.11 and go-toolset-1.11-golang is now available for Red Hat Developer Tools.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGo Toolset provides the Go programming language tools and libraries.\nGo is alternatively known as golang.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "RHEL 7 : go-toolset-1.11 and go-toolset-1.11-golang (RHSA-2019:2682) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-build", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-bin", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-docs", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-misc", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-race", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-src", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-tests", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-runtime", "p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-scldevel", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2682.NASL", "href": "https://www.tenable.com/plugins/nessus/128659", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2682. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128659);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:2682\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 7 : go-toolset-1.11 and go-toolset-1.11-golang (RHSA-2019:2682) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for go-toolset-1.11 and go-toolset-1.11-golang is now\navailable for Red Hat Developer Tools.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGo Toolset provides the Go programming language tools and libraries.\nGo is alternatively known as golang.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset-1.11-scldevel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2682\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-build-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-build-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-build-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-golang-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-golang-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-golang-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-golang-bin-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-golang-bin-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-golang-bin-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"go-toolset-1.11-golang-docs-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-golang-misc-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-golang-misc-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-golang-misc-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-golang-race-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-golang-src-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-golang-src-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-golang-src-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-golang-tests-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-golang-tests-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-golang-tests-1.11.13-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-runtime-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-runtime-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-runtime-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"aarch64\", reference:\"go-toolset-1.11-scldevel-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"go-toolset-1.11-scldevel-1.11.13-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"go-toolset-1.11-scldevel-1.11.13-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go-toolset-1.11 / go-toolset-1.11-build / go-toolset-1.11-golang / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:41:04", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:4273 advisory.\n\n - HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n - HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : container-tools:1.0 (CESA-2019:4273)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:buildah", "p-cpe:/a:centos:centos:container-selinux", "p-cpe:/a:centos:centos:containernetworking-plugins", "p-cpe:/a:centos:centos:containers-common", "p-cpe:/a:centos:centos:fuse-overlayfs", "p-cpe:/a:centos:centos:oci-systemd-hook", "p-cpe:/a:centos:centos:oci-umount", "p-cpe:/a:centos:centos:podman", "p-cpe:/a:centos:centos:podman-docker", "p-cpe:/a:centos:centos:runc", "p-cpe:/a:centos:centos:skopeo", "p-cpe:/a:centos:centos:slirp4netns"], "id": "CENTOS8_RHSA-2019-4273.NASL", "href": "https://www.tenable.com/plugins/nessus/145582", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:4273. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145582);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:4273\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"CentOS 8 : container-tools:1.0 (CESA-2019:4273)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:4273 advisory.\n\n - HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n - HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:4273\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9514\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:oci-systemd-hook\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:oci-umount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:slirp4netns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/container-tools');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:1.0');\nif ('1.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);\n\nappstreams = {\n 'container-tools:1.0': [\n {'reference':'buildah-1.5-6.gite94b4f9.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-1.5-6.gite94b4f9.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'container-selinux-2.94-1.git1e99f1d.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'container-selinux-2.94-1.git1e99f1d.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.7.4-4.git9ebe139.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.7.4-4.git9ebe139.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containers-common-0.1.32-6.git1715c90.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'containers-common-0.1.32-6.git1715c90.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'fuse-overlayfs-0.3-5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fuse-overlayfs-0.3-5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.0.0-4.git921f98f.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.0.0-4.git921f98f.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-docker-1.0.0-4.git921f98f.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-docker-1.0.0-4.git921f98f.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-56.rc5.dev.git2abd837.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-56.rc5.dev.git2abd837.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'skopeo-0.1.32-6.git1715c90.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-0.1.32-6.git1715c90.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:1.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / container-selinux / containernetworking-plugins / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:23:00", "description": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9512)\n\nSome HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : golang (ALAS-2019-1272) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:golang", "p-cpe:/a:amazon:linux:golang-bin", "p-cpe:/a:amazon:linux:golang-docs", "p-cpe:/a:amazon:linux:golang-misc", "p-cpe:/a:amazon:linux:golang-src", "p-cpe:/a:amazon:linux:golang-tests", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1272.NASL", "href": "https://www.tenable.com/plugins/nessus/128286", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1272.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128286);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"ALAS\", value:\"2019-1272\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Amazon Linux 2 : golang (ALAS-2019-1272) (Ping Flood) (Reset Flood)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Some HTTP/2 implementations are vulnerable to ping floods, potentially\nleading to a denial of service. The attacker sends continual pings to\nan HTTP/2 peer, causing the peer to build an internal queue of\nresponses. Depending on how efficiently this data is queued, this can\nconsume excess CPU, memory, or both. (CVE-2019-9512)\n\nSome HTTP/2 implementations are vulnerable to a reset flood,\npotentially leading to a denial of service. The attacker opens a\nnumber of streams and sends an invalid request over each stream that\nshould solicit a stream of RST_STREAM frames from the peer. Depending\non how the peer queues the RST_STREAM frames, this can consume excess\nmemory, CPU, or both. (CVE-2019-9514)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1272.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update golang' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"golang-1.9.4-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"golang-bin-1.9.4-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"golang-docs-1.9.4-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"golang-misc-1.9.4-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"golang-src-1.9.4-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"golang-tests-1.9.4-3.amzn2.0.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:26:28", "description": "According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.(CVE-2019-9512)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.(CVE-2019-9514)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-1967)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:golang", "p-cpe:/a:huawei:euleros:golang-bin", "p-cpe:/a:huawei:euleros:golang-src", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1967.NASL", "href": "https://www.tenable.com/plugins/nessus/129124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129124);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-1967)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the golang packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Some HTTP/2 implementations are vulnerable to ping\n floods, potentially leading to a denial of service. The\n attacker sends continual pings to an HTTP/2 peer,\n causing the peer to build an internal queue of\n responses. Depending on how efficiently this data is\n queued, this can consume excess CPU, memory, or\n both.(CVE-2019-9512)\n\n - Some HTTP/2 implementations are vulnerable to a reset\n flood, potentially leading to a denial of service. The\n attacker opens a number of streams and sends an invalid\n request over each stream that should solicit a stream\n of RST_STREAM frames from the peer. Depending on how\n the peer queues the RST_STREAM frames, this can consume\n excess memory, CPU, or both.(CVE-2019-9514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1967\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0413d68\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"golang-1.12-5.eulerosv2r7\",\n \"golang-bin-1.12-5.eulerosv2r7\",\n \"golang-src-1.12-5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-12-21T14:44:34", "description": "The http2 server support in this package was vulnerable to certain types of DOS attacks.\n\nCVE-2019-9512\n\nThis code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\n\nCVE-2019-9514\n\nThis code was vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.\n\nFor Debian 9 stretch, these problems have been fixed in version 1:0.0+git20161013.8b4af36+dfsg-3+deb9u1.\n\nWe recommend that you upgrade your golang-golang-x-net-dev packages.\n\nFor the detailed security status of golang-golang-x-net-dev please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/golang-golang-x-net-dev\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "Debian DLA-2485-1 : golang-golang-x-net-dev security update (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:golang-go.net-dev", "p-cpe:/a:debian:debian_linux:golang-golang-x-net-dev", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2485.NASL", "href": "https://www.tenable.com/plugins/nessus/143594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2485-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143594);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Debian DLA-2485-1 : golang-golang-x-net-dev security update (Ping Flood) (Reset Flood)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The http2 server support in this package was vulnerable to certain\ntypes of DOS attacks.\n\nCVE-2019-9512\n\nThis code was vulnerable to ping floods, potentially leading to a\ndenial of service. The attacker sends continual pings to an HTTP/2\npeer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume\nexcess CPU, memory, or both.\n\nCVE-2019-9514\n\nThis code was vulnerable to a reset flood, potentially leading to a\ndenial of service. The attacker opens a number of streams and sends an\ninvalid request over each stream that should solicit a stream of\nRST_STREAM frames from the peer. Depending on how the peer queues the\nRST_STREAM frames, this can consume excess memory, CPU, or both.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:0.0+git20161013.8b4af36+dfsg-3+deb9u1.\n\nWe recommend that you upgrade your golang-golang-x-net-dev packages.\n\nFor the detailed security status of golang-golang-x-net-dev please\nrefer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/golang-golang-x-net-dev\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/golang-golang-x-net-dev\"\n );\n # https://security-tracker.debian.org/tracker/source-package/golang-golang-x-net-dev\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2f3b613\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-go.net-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-golang-x-net-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"golang-go.net-dev\", reference:\"1:0.0+git20161013.8b4af36+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"golang-golang-x-net-dev\", reference:\"1:0.0+git20161013.8b4af36+dfsg-3+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-12T15:31:26", "description": "An update for the container-tools:1.0 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "RHEL 8 : container-tools:1.0 (RHSA-2019:4273) (Ping Flood) (Reset Flood)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:buildah", "p-cpe:/a:redhat:enterprise_linux:buildah-debugsource", "p-cpe:/a:redhat:enterprise_linux:container-selinux", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins", "p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource", "p-cpe:/a:redhat:enterprise_linux:containers-common", "p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs", "p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource", "p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook", "p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook-debugsource", "p-cpe:/a:redhat:enterprise_linux:oci-umount", "p-cpe:/a:redhat:enterprise_linux:oci-umount-debugsource", "p-cpe:/a:redhat:enterprise_linux:podman", "p-cpe:/a:redhat:enterprise_linux:podman-debugsource", "p-cpe:/a:redhat:enterprise_linux:podman-docker", "p-cpe:/a:redhat:enterprise_linux:runc", "p-cpe:/a:redhat:enterprise_linux:runc-debugsource", "p-cpe:/a:redhat:enterprise_linux:skopeo", "p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource", "p-cpe:/a:redhat:enterprise_linux:slirp4netns", "p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.1"], "id": "REDHAT-RHSA-2019-4273.NASL", "href": "https://www.tenable.com/plugins/nessus/132235", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:4273. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132235);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2019:4273\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 8 : container-tools:1.0 (RHSA-2019:4273) (Ping Flood) (Reset Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for the container-tools:1.0 module is now available for Red\nHat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe container-tools module contains tools for working with containers,\nnotably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es) :\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:4273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9512\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:buildah-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-umount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oci-umount-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slirp4netns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/container-tools');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:1.0');\nif ('1.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);\n\nappstreams = {\n 'container-tools:1.0': [\n {'reference':'buildah-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef', 'cpu':'aarch64', 'release':'8'},\n {'reference':'buildah-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef', 'cpu':'s390x', 'release':'8'},\n {'reference':'buildah-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef', 'cpu':'x86_64', 'release':'8'},\n {'reference':'buildah-debugsource-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef', 'cpu':'aarch64', 'release':'8'},\n {'reference':'buildah-debugsource-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef', 'cpu':'s390x', 'release':'8'},\n {'reference':'buildah-debugsource-1.5-6.gite94b4f9.module+el8.1.0+4908+72a45cef', 'cpu':'x86_64', 'release':'8'},\n {'reference':'container-selinux-2.94-1.git1e99f1d.module+el8.1.0+3468+011f0ab0', 'release':'8', 'epoch':'2'},\n {'reference':'containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef', 'cpu':'aarch64', 'release':'8'},\n {'reference':'containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef', 'cpu':'s390x', 'release':'8'},\n {'reference':'containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef', 'cpu':'x86_64', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef', 'cpu':'aarch64', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef', 'cpu':'s390x', 'release':'8'},\n {'reference':'containernetworking-plugins-debugsource-0.7.4-4.git9ebe139.module+el8.1.0+4908+72a45cef', 'cpu':'x86_64', 'release':'8'},\n {'reference':'containers-common-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'containers-common-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'containers-common-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8'},\n {'reference':'fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8'},\n {'reference':'fuse-overlayfs-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8'},\n {'reference':'fuse-overlayfs-debugsource-0.3-5.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'s390x', 'release':'8', 'epoch':'2'},\n {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+3468+011f0ab0', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},\n {'reference':'podman-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef', 'cpu':'aarch64', 'release':'8'},\n {'reference':'podman-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef', 'cpu':'s390x', 'release':'8'},\n {'reference':'podman-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef', 'cpu':'x86_64', 'release':'8'},\n {'reference':'podman-debugsource-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef', 'cpu':'aarch64', 'release':'8'},\n {'reference':'podman-debugsource-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef', 'cpu':'s390x', 'release':'8'},\n {'reference':'podman-debugsource-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef', 'cpu':'x86_64', 'release':'8'},\n {'reference':'podman-docker-1.0.0-4.git921f98f.module+el8.1.0+4908+72a45cef', 'release':'8'},\n {'reference':'runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef', 'cpu':'aarch64', 'release':'8'},\n {'reference':'runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef', 'cpu':'s390x', 'release':'8'},\n {'reference':'runc-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef', 'cpu':'x86_64', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef', 'cpu':'aarch64', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef', 'cpu':'s390x', 'release':'8'},\n {'reference':'runc-debugsource-1.0.0-56.rc5.dev.git2abd837.module+el8.1.0+4908+72a45cef', 'cpu':'x86_64', 'release':'8'},\n {'reference':'skopeo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'skopeo-debugsource-0.1.32-6.git1715c90.module+el8.1.0+4903+9bde5d6c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'aarch64', 'release':'8'},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'s390x', 'release':'8'},\n {'reference':'slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'x86_64', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'aarch64', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'s390x', 'release':'8'},\n {'reference':'slirp4netns-debugsource-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48', 'cpu':'x86_64', 'release':'8'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:1.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-debugsource / container-selinux / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:34:13", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0406 advisory.\n\n - HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n - HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-05T00:00:00", "type": "nessus", "title": "RHEL 7 : containernetworking-plugins (RHSA-2020:0406)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:containernetworking-plugins:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0406.NASL", "href": "https://www.tenable.com/plugins/nessus/133487", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0406. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133487);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\");\n script_xref(name:\"RHSA\", value:\"2020:0406\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 7 : containernetworking-plugins (RHSA-2020:0406)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0406 advisory.\n\n - HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n - HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1735645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1735744\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containernetworking-plugins package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9514\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/extras/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/extras/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/extras/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/extras/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/extras/os',\n 'content/dist/rhel/client/7/7Client/x86_64/extras/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/extras/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/extras/os',\n 'content/dist/rhel/server/7/7Server/x86_64/extras/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/extras/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/extras/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/extras/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/extras/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/extras/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/extras/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'containernetworking-plugins-0.8.1-4.el7_7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.8.1-4.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containernetworking-plugins');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ibm": [{"lastseen": "2022-09-26T13:50:27", "description": "## Summary\n\nSeveral issues were reported against the HTTP/2 implementation used by IBM WebSphere Application Server Liberty Profile which is used to host the IBM MQ Console and REST API.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9515](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9512](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9514](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9513](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ Appliance | 8.0 \nIBM MQ and IBM MQ Appliance | 9.1 LTS \nIBM MQ and IBM MQ Appliance | 9.1 CD \n \n## Remediation/Fixes\n\n**IBM MQ Appliance V8** \nApply [FixPack 8.0.0.14](<https://www.ibm.com/support/pages/node/1282120>) \n \n**IBM MQ and IBM MQ Appliance V9.1 LTS** \nApply [FixPack 9.1.0.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-version-9104>) \n \n**IBM MQ and IBM MQ Appliance V9.1 CD** \nUpgrade to [IBM MQ 9.1.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-version-914-continuous-delivery>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n27 Feb 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSYHRD\",\"label\":\"IBM MQ\"},\"Component\":\"Console, REST API\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.1.0.0;9.1.0.1;9.1.0.2;9.1.0.3;9.1.1;9.1.2;9.1.3\",\"Edition\":\"All\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS5K6E\",\"label\":\"IBM MQ Appliance\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"8.0.0.0;8.0.0.1;8.0.0.3;8.0.0.4;8.0.0.5;8.0.0.6;8.0.0.7;8.0.0.8;8.0.0.9;8.0.0.10;8.0.0.11;8.0.0.12;8.0.0.13;9.1;9.1.0.1;9.1.0.2;9.1.0.3;9.1.1;9.1.2;9.1.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB36\",\"label\":\"IBM Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-28T12:25:31", "type": "ibm", "title": "Security Bulletin: IBM MQ Console and REST API are vulnerable to multiple Denial of service attacks within HTTP/2 (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9514, CVE-2019-9512, CVE-2019-9513)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-02-28T12:25:31", "id": "9A96669F651314B055987343933B2F58BB66C71D7B13E3E61735C74B9F85DCFD", "href": "https://www.ibm.com/support/pages/node/1106055", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-28T22:06:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM WebSphere Liberty that affect IBM WIoTP MessageGateway.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WIoTP MessageGateway| 5.0.0.1 \nIBM IoT MessageSight| 5.0.0.0 \nIBM IoT MessageSight| 2.0 \n \n\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM WIoTP MessageGateway_| \n\n_5.0.0.2_\n\n| \n\n_IT31139_\n\n| [_5.0.0.2-IBM-IMA-IFIT31139_](<https://www.ibm.com/support/pages/node/1142656>) \n_IBM MessageSight_| \n\n_5.0.0.0_\n\n| \n\n_IT31139_\n\n| [_5.0.0.0-IBM-IMA-IFIT31139_](<https://www.ibm.com/support/pages/node/1142680>) \n_IBM MessageSight_| \n\n_2.0.0.2_\n\n| \n\n_IT31139_\n\n| [_2.0.0.2-IBM-IMA-IFIT31139_](<https://www.ibm.com/support/pages/node/1142686>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n03 January 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSF79B\",\"label\":\"IBM Watson IoT Platform - Message Gateway\"},\"Component\":\"WebUI\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.0.0.2, 5.0.0.0, 5.0.0.1, 5.0.0.2\",\"Edition\":\"N\\/A\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-03T21:21:12", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Liberty affect IBM WIoTP MessageGateway", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-01-03T21:21:12", "id": "413EFD2051B06CEFCDFB6A85E56D412853059B72C27BDAC4B5D06E384C0A787D", "href": "https://www.ibm.com/support/pages/node/1167898", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-09-26T13:49:52", "description": "## Summary\n\nWebSphere Liberty susceptible to HTTP2 implementation vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNovaLink| 1.0.0.13 \nNovaLink| 1.0.0.15 \n \n\n\n## Remediation/Fixes\n\nFixes are available on latest supported Novalink version 1.0.0.16 \n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n26 Mar 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"SSVNV4\",\"label\":\"PowerVM NovaLink\"},\"Component\":\"Novalink \",\"Platform\":[{\"code\":\"PF031\",\"label\":\"Ubuntu\"},{\"code\":\"PF043\",\"label\":\"Red Hat\"}],\"Version\":\"1.0.0.16\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB57\",\"label\":\"Power\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-26T12:19:25", "type": "ibm", "title": "Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-03-26T12:19:25", "id": "0C931C8FB3337ADB707B8C54D7D2E65C09B2A9067AF3442FB5EDF49ED471F44A", "href": "https://www.ibm.com/support/pages/node/6120651", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-28T22:11:42", "description": "## Summary\n\nWebSphere Liberty susceptible to HTTP2 implementation vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**\n\n| \n\n**Version(s)** \n \n---|--- \n \nIBM Control Center\n\n| \n\n6.0.0.0 through 6.0.0.2 iFix08 \n \nIBM Control Center\n\n| \n\n6.1.0.0 through 6.1.2.1 iFix01 \n \n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Control Center\n\n| \n\n6.0.0.2\n\n| \n\niFix09\n\n| \n\n[Fix Central - 6.0.0.2](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.2&platform=All&function=all>) \n \nIBM Control Center\n\n| \n\n6.1.2.1\n\n| \n\niFix02\n\n| \n\n[Fix Central - 6.1.2.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.2.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 Jan 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS9GLA\",\"label\":\"IBM Control Center\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"6.0, 6.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-28T21:55:07", "type": "ibm", "title": "Security Bulletin: Multiple Websphere to HTTP2 implementation vulnerabilities affect IBM Control Center", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-01-28T21:55:07", "id": "6AC8F8C50686802A05555281D5D05D5AB8997C027EADF699A3A6C4352B28516B", "href": "https://www.ibm.com/support/pages/node/1284550", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-09-26T13:50:37", "description": "## Summary\n\nIBM Worklight/MobileFoundation has addressed the following vulnerability. WebSphere Liberty susceptible to HTTP2 implementation vulnerablility.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9515](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a