Vulnerabilities > CVE-2012-2098 - Cryptographic Issues vulnerability in Apache Commons Compress

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
CWE-310
nessus
NVD
Published: 2012-06-29
Updated: 2024-11-21

Summary

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

Vulnerable Configurations

Part Description Count
Application
Apache
5

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-5530.NASL
    descriptionRebase to upstream version and add patch to fix CVE-2012-2098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-05-11
    plugin id66376
    published2013-05-11
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66376
    titleFedora 19 : plexus-archiver-2.3-1.fc19 (2013-5530)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-5530.
#

include("compat.inc");

if (description)
{
  script_id(66376);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_bugtraq_id(53676);
  script_xref(name:"FEDORA", value:"2013-5530");

  script_name(english:"Fedora 19 : plexus-archiver-2.3-1.fc19 (2013-5530)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Rebase to upstream version and add patch to fix CVE-2012-2098.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=911539"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105121.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?bb60b5c7"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected plexus-archiver package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:plexus-archiver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"plexus-archiver-2.3-1.fc19")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "plexus-archiver");
}
  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_31.NASL
    descriptionIBM WebSphere Application Server 7.0 before Fix Pack 31 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A flaw in the mod_rewrite module of Apache HTTP Server potentially allows a remote attacker to execute arbitrary code via HTTP. (CVE-2013-1862, PM87808) - An XSS vulnerability exists in IBM WebSphere Application Server due to a failure to sanitize user-supplied input in the Administrative console. (CVE-2013-4005, PM88208) - A denial of service vulnerability exists when using the optional mod_dav module. (CVE-2013-1896, PM89996) - A denial of service vulnerability exists due the use of Apache Ant to compress files. (CVE-2012-2098, PM90088) - A privilege escalation vulnerability exists on IBM WebSphere Application Servers using WS-Security that are configured for XML Digital Signature using trust store. (CVE-2013-4053, PM90949, PM91521) - An XSS vulnerability exists in IBM WebSphere Application Server caused by a failure to sanitize user-supplied input in the UDDI Administrative console. (CVE-2013-4052, PM91892) - A privilege escalation vulnerability exists in IBM WebSphere Application Servers that have been migrated from version 6.1 or later. (CVE-2013-5414, PM92313) - An XSS vulnerability exists in IBM WebSphere Application Server due to a failure to sanitize application HTTP response data. (CVE-2013-5417, PM93323, PM93944) - An XSS vulnerability exists in IBM WebSphere Application Server due to a failure to sanitize user-supplied input in the Administrative console. (CVE-2013-5418, PM96477) - An XSS vulnerability exists in IBM WebSphere Application Server due to a failure to sanitize user-supplied input in the Administrative console. (CVE-2013-6725, PM98132) - An information disclosure vulnerability exists in IBM WebSphere Application Servers configured to use static file caching using the simpleFileServlet. (CVE-2013-6330, PM98624) - A denial of service vulnerability exists in IBM WebSphere Application Server due to a failure to properly handle requests by a web services endpoint. (CVE-2013-6325, PM99450) - An information disclosure vulnerability exists in the IBM SDK for Java that ships with IBM WebSphere Application Server related to JSSE. (CVE-2013-5780) - A denial of service vulnerability exists in the IBM SDK for Java that ships with IBM WebSphere Application Server related to XML. (CVE-2013-5372) - A denial of service vulnerability exists in the IBM SDK for Java that ships with IBM WebSphere Application Server related to JSSE. (CVE-2013-5803)
    last seen2020-06-01
    modified2020-06-02
    plugin id72061
    published2014-01-20
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72061
    titleIBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72061);
  script_version("1.6");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id(
    "CVE-2012-2098",
    "CVE-2013-1862",
    "CVE-2013-1896",
    "CVE-2013-4005",
    "CVE-2013-4052",
    "CVE-2013-4053",
    "CVE-2013-5372",
    "CVE-2013-5414",
    "CVE-2013-5417",
    "CVE-2013-5418",
    "CVE-2013-5780",
    "CVE-2013-5803",
    "CVE-2013-6325",
    "CVE-2013-6330",
    "CVE-2013-6725"
  );
  script_bugtraq_id(
    53676,
    59826,
    61129,
    61901,
    62336,
    62338,
    63082,
    63115,
    63224,
    63778,
    63780,
    63781,
    65096,
    65099,
    65100
  );

  script_name(english:"IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP port");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote application server is potentially affected by multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"IBM WebSphere Application Server 7.0 before Fix Pack 31 appears to be
running on the remote host.  It is, therefore, potentially affected by
the following vulnerabilities :

  - A flaw in the mod_rewrite module of Apache HTTP Server
    potentially allows a remote attacker to execute
    arbitrary code via HTTP. (CVE-2013-1862, PM87808)

  - An XSS vulnerability exists in IBM WebSphere Application
    Server due to a failure to sanitize user-supplied input
    in the Administrative console. (CVE-2013-4005, PM88208)

  - A denial of service vulnerability exists when using the
    optional mod_dav module. (CVE-2013-1896, PM89996)

  - A denial of service vulnerability exists due the use of
    Apache Ant to compress files. (CVE-2012-2098, PM90088)

  - A privilege escalation vulnerability exists on IBM
    WebSphere Application Servers using WS-Security that are
    configured for XML Digital Signature using trust store.
    (CVE-2013-4053, PM90949, PM91521)

  - An XSS vulnerability exists in IBM WebSphere Application
    Server caused by a failure to sanitize user-supplied
    input in the UDDI Administrative console.
    (CVE-2013-4052, PM91892)

  - A privilege escalation vulnerability exists in IBM
    WebSphere Application Servers that have been migrated
    from version 6.1 or later. (CVE-2013-5414, PM92313)

  - An XSS vulnerability exists in IBM WebSphere Application
    Server due to a failure to sanitize application HTTP
    response data. (CVE-2013-5417, PM93323, PM93944)

  - An XSS vulnerability exists in IBM WebSphere Application
    Server due to a failure to sanitize user-supplied input
    in the Administrative console. (CVE-2013-5418, PM96477)

  - An XSS vulnerability exists in IBM WebSphere Application
    Server due to a failure to sanitize user-supplied input
    in the Administrative console. (CVE-2013-6725, PM98132)

  - An information disclosure vulnerability exists in IBM
    WebSphere Application Servers configured to use static
    file caching using the simpleFileServlet.
    (CVE-2013-6330, PM98624)

  - A denial of service vulnerability exists in IBM
    WebSphere Application Server due to a failure to
    properly handle requests by a web services endpoint.
    (CVE-2013-6325, PM99450)

  - An information disclosure vulnerability exists in the
    IBM SDK for Java that ships with IBM WebSphere
    Application Server related to JSSE. (CVE-2013-5780)

  - A denial of service vulnerability exists in the IBM SDK
    for Java that ships with IBM WebSphere Application
    Server related to XML. (CVE-2013-5372)

  - A denial of service vulnerability exists in the IBM SDK
    for Java that ships with IBM WebSphere Application
    Server related to JSSE. (CVE-2013-5803)"
  );
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_31?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2f64a49");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21661323");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21655990");
  script_set_attribute(attribute:"solution", value:
"If using WebSphere Application Server, apply Fix Pack 31 (7.0.0.31)
or later.

Otherwise, if using embedded WebSphere Application Server packaged
with Tivoli Directory Server, apply the latest recommended eWAS fix
pack.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("websphere_detect.nasl");
  script_require_ports("Services/www", 8880, 8881);
  script_require_keys("www/WebSphere");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:8880, embedded:0);


version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
if (version =~ "^[0-9]+(\.[0-9]+)?$")
  exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server " + version + " instance listening on port " + port + ".");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 31)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);

  if (report_verbosity > 0)
  {
    source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    report =
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 7.0.0.31' +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "IBM WebSphere Application Server", port, version);
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-8428.NASL
    descriptionUpdate to 1.4.1, fixing CVE-2012-2098 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-06-04
    plugin id59346
    published2012-06-04
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59346
    titleFedora 17 : apache-commons-compress-1.4.1-1.fc17 (2012-8428)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2012-8428.
#

include("compat.inc");

if (description)
{
  script_id(59346);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-2098");
  script_bugtraq_id(53676);
  script_xref(name:"FEDORA", value:"2012-8428");

  script_name(english:"Fedora 17 : apache-commons-compress-1.4.1-1.fc17 (2012-8428)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to 1.4.1, fixing CVE-2012-2098

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?65e7ee03"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected apache-commons-compress package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:apache-commons-compress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"apache-commons-compress-1.4.1-1.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-commons-compress");
}
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_ANT_20130430.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs. (CVE-2012-2098)
    last seen2020-06-01
    modified2020-06-02
    plugin id80580
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80580
    titleOracle Solaris Third-Party Patch Update : ant (algorithmic_complexity_vulnerability_in_apache)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#
include("compat.inc");

if (description)
{
  script_id(80580);
  script_version("1.2");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id("CVE-2012-2098");

  script_name(english:"Oracle Solaris Third-Party Patch Update : ant (algorithmic_complexity_vulnerability_in_apache)");
  script_summary(english:"Check for the 'entire' version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Solaris system is missing a security patch for third-party
software."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote Solaris system is missing necessary patches to address
security updates :

  - Algorithmic complexity vulnerability in the sorting
    algorithms in bzip2 compressing stream
    (BZip2CompressorOutputStream) in Apache Commons Compress
    before 1.4.1 allows remote attackers to cause a denial
    of service (CPU consumption) via a file with many
    repeating inputs. (CVE-2012-2098)"
  );
  # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a913f44"
  );
  # https://blogs.oracle.com/sunsecurity/algorithmic-complexity-vulnerability-in-apache-ant
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4785b054"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.3.4.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:ant");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

if (empty_or_null(egrep(string:pkg_list, pattern:"^ant$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "ant");

flag = 0;

if (solaris_check_release(release:"0.5.11-0.175.1.3.0.4.0", sru:"SRU 11.1.3.4.0") > 0) flag++;

if (flag)
{
  error_extra = 'Affected package : ant\n' + solaris_get_report2();
  error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
  if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "ant");
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-5546.NASL
    descriptionRebase to upstream version 2.3 and add patch to fix CVE-2012-2098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-05-11
    plugin id66377
    published2013-05-11
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66377
    titleFedora 17 : plexus-archiver-2.3-1.fc17 (2013-5546)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-5546.
#

include("compat.inc");

if (description)
{
  script_id(66377);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-2098");
  script_bugtraq_id(53676);
  script_xref(name:"FEDORA", value:"2013-5546");

  script_name(english:"Fedora 17 : plexus-archiver-2.3-1.fc17 (2013-5546)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Rebase to upstream version 2.3 and add patch to fix CVE-2012-2098.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=951521"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?aee6b2b0"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected plexus-archiver package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:plexus-archiver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"plexus-archiver-2.3-1.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "plexus-archiver");
}
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-8465.NASL
    descriptionUpdate to 1.4.1, fixing CVE-2012-2098 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-06-04
    plugin id59349
    published2012-06-04
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59349
    titleFedora 16 : apache-commons-compress-1.4.1-1.fc16 (2012-8465)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2012-8465.
#

include("compat.inc");

if (description)
{
  script_id(59349);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-2098");
  script_bugtraq_id(53676);
  script_xref(name:"FEDORA", value:"2012-8465");

  script_name(english:"Fedora 16 : apache-commons-compress-1.4.1-1.fc16 (2012-8465)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to 1.4.1, fixing CVE-2012-2098

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=810406"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?582dc174"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected apache-commons-compress package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:apache-commons-compress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC16", reference:"apache-commons-compress-1.4.1-1.fc16")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-commons-compress");
}
  • NASL familyWindows
    NASL idVMWARE_MULTIPLE_VMSA_2008_0008.NASL
    descriptionA VMware product installed on the remote host is affected by multiple vulnerabilities : - A heap overflow vulnerability in VMware Host Guest File System (HGFS), could allow a guest to execute arbitrary code subject to the privileges of the user running
    last seen2020-06-01
    modified2020-06-02
    plugin id32503
    published2008-06-03
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32503
    titleVMware Products Multiple Vulnerabilities (VMSA-2008-0008)
    code
    #
#  (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(32503);
  script_version("1.17");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id("CVE-2008-2098", "CVE-2008-2099");
  script_bugtraq_id(29443, 29444);
  script_xref(name:"VMSA", value:"2008-0008");

  script_name(english:"VMware Products Multiple Vulnerabilities (VMSA-2008-0008)");
  script_summary(english:"Checks vulnerable versions of multiple VMware products");
 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by
multiple issues.");
 script_set_attribute(attribute:"description", value:
"A VMware product installed on the remote host is affected by multiple
vulnerabilities :

  - A heap overflow vulnerability in VMware Host Guest File
    System (HGFS), could allow a guest to execute arbitrary
    code subject to the privileges of the user running 'vmx'
    process. In order to successfully exploit this issue a
    folder should be shared on the host system and sharing
    should be enabled, which is disabled by default.
    (CVE-2012-2098)

  - A vulnerability in Virtual Machine Communication
    Interface (VMCI), a 'experimental' feature designed for
    users building client-server applications, could allow
    a guest to execute arbitrary code subject to the
    privileges of the user running 'vmx' process. For
    successful exploitation of this issue VMCI feature
    should be enabled on the host. (CVE-2012-2099)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2008-0008.html");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" );
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/support/player2/doc/releasenotes_player2.html" );
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to :

  - VMware Workstation 6.0.4 or higher.
  - VMware Player 2.0.4 or higher.
  - VMware ACE 2.0.4 or higher.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:ace");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_player");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_workstation");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  script_dependencies("vmware_workstation_detect.nasl","vmware_player_detect.nasl", "vmware_ace_detect.nasl");
  script_require_ports("VMware/Server/Version", "VMware/ACE/Version", "VMware/Player/Version", "VMware/Workstation/Version", 139, 445);

  exit(0);
}

include("global_settings.inc");
include("smb_func.inc");

port = kb_smb_transport();

# Check for VMware Workstation

version = get_kb_item("VMware/Workstation/Version");
if (version)
{
 v = split(version, sep:".", keep:FALSE);

 if ( int(v[0]) == 6 && int(v[1]) == 0 && int(v[2]) < 4 )
     {
      if (report_verbosity)
      {
        report = string(
          "\n",
          "Version ",version," of VMware Workstation is installed on the remote host.",
          "\n"
        );
        security_warning(port:port, extra:report);
       }
       else
   	 security_warning(port);
     }
}

# Check for VMware Player

version = get_kb_item("VMware/Player/Version");
if (version)
{
 v = split(version, sep:".", keep:FALSE);
 if ( int(v[0]) == 2  && int(v[1]) == 0 && int(v[2]) < 4 )
   {
     if (report_verbosity)
      {
        report = string(
          "\n",
          "Version ",version," of VMware Player is installed on the remote host.",
          "\n"
        );
        security_warning(port:port, extra:report);
       }
       else
        security_warning(port);
    }
}

# Check for VMware ACE

version = get_kb_item("VMware/ACE/Version");
 if (version)
 {
  v = split(version, sep:".", keep:FALSE);
  if ( int(v[0]) == 2  && int(v[1]) == 0 && int(v[2]) < 4 )
   {
     if (report_verbosity)
      {
        report = string(
          "\n",
          "Version ",version," of VMware ACE is installed on the remote host.",
          "\n"
        );
        security_warning(port:port, extra:report);
       }
       else
        security_warning(port);
    }
  }
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_0_0_7.NASL
    descriptionIBM WebSphere Application Server 8.0 before Fix Pack 7 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. (CVE-2012-2098 / PM90088) - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169 / PM85211) - A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else
    last seen2020-06-01
    modified2020-06-02
    plugin id69449
    published2013-08-23
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69449
    titleIBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#




include("compat.inc");

if (description)
{
  script_id(69449);
  script_version("1.19");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id(
    "CVE-2012-2098",
    "CVE-2013-0169",
    "CVE-2013-0597",
    "CVE-2013-1768",
    "CVE-2013-1862",
    "CVE-2013-1896",
    "CVE-2013-2967",
    "CVE-2013-2976",
    "CVE-2013-3029",
    "CVE-2013-4004",
    "CVE-2013-4005"
  );
  script_bugtraq_id(
    53676,
    57778,
    59826,
    60534,
    60724,
    61129,
    61901,
    61935,
    61937,
    61940,
    61941
  );

  script_name(english:"IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP port");

  script_set_attribute(attribute:"synopsis", value:
"The remote application server may be affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"IBM WebSphere Application Server 8.0 before Fix Pack 7 appears to be
running on the remote host.  It is, therefore, potentially affected by
the following vulnerabilities :

  - A flaw exists related to Apache Ant and file
    compression that could lead to denial of service
    conditions. (CVE-2012-2098 / PM90088)

  - The TLS protocol in the GSKIT component is vulnerable
    to a plaintext recovery attack.
    (CVE-2013-0169 / PM85211)

  - A flaw exists relating to OAuth that could allow a
    remote attacker to obtain someone else's credentials.
    (CVE-2013-0597 / PM85834 / PM87131)

  - A flaw exists relating to OpenJPA that is triggered
    during deserialization, which could allow a remote
    attacker to write to the file system and potentially
    execute arbitrary code. Note the vendor states this
    application is not directly affected by this flaw;
    however, this application does include the affected
    version of OpenJPA. (CVE-2013-1768 / PM86780)

  - An input validation flaw exists in the optional
    'mod_rewrite' module in the included IBM HTTP Server
    that could allow arbitrary command execution via
    HTTP requests containing certain escape sequences.
    (CVE-2013-1862 / PM87808)

  - A flaw exists related to the optional 'mod_dav'
    module in the included IBM HTTP Server that could
    allow denial of service conditions.
    (CVE-2013-1896 / PM89996)

  - User-supplied input validation errors exist related to
    the administrative console that could allow cross-site
    scripting attacks.
    (CVE-2013-2967 / PM78614, CVE-2013-4004 / PM81571,
    CVE-2013-4005 / PM88208)

  - An information disclosure vulnerability exists related
    to incorrect caching by the administrative console.
    (CVE-2013-2976 / PM79992)

  - A user-supplied input validation error exists that could
    allow cross-site request forgery (CSRF) attacks to be
    carried out. (CVE-2013-3029 / PM88746)");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_exposure_in_ibm_http_server_cve_2013_1862_pm87808?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?187690fd");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21644047");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24035457");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_8_0_0_7?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b1c66192");
  script_set_attribute(attribute:"solution", value:
"Apply Fix Pack 7 for version 8.0 (8.0.0.7) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1768");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_keys("www/WebSphere");
  script_require_ports("Services/www", 8880, 8881);

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:8880, embedded:0);


version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
if (version =~ "^[0-9]+(\.[0-9]+)?$")
  exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server " + version + " instance listening on port " + port + ".");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 7)
{
  set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
  set_kb_item(name:"www/"+port+"/XSRF", value:TRUE);
  if (report_verbosity > 0)
  {
    source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    report =
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 8.0.0.7' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_5_5_1.NASL
    descriptionIBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. (CVE-2012-2098 / PM90088) - Unspecified errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0460 / PM72275, CVE-2013-5418 / PM96477, CVE-2013-5425 / PM93828) - Multiple errors exist related to the IBM Eclipse Help System that could allow cross-site scripting attacks and information disclosure attacks. (CVE-2013-0464, CVE-2013-0467, CVE-2013-0599 / PM89893) - An input validation flaw exists in the optional
    last seen2020-06-01
    modified2020-06-02
    plugin id71229
    published2013-12-05
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71229
    titleIBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(71229);
  script_version("1.8");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id(
    "CVE-2012-2098",
    "CVE-2013-0460",
    "CVE-2013-0464",
    "CVE-2013-0467",
    "CVE-2013-0599",
    "CVE-2013-1862",
    "CVE-2013-1896",
    "CVE-2013-3029",
    "CVE-2013-4004",
    "CVE-2013-4005",
    "CVE-2013-4006",
    "CVE-2013-4052",
    "CVE-2013-4053",
    "CVE-2013-5414",
    "CVE-2013-5417",
    "CVE-2013-5418",
    "CVE-2013-5425"
  );
  script_bugtraq_id(
    53676,
    57510,
    58000,
    59826,
    60107,
    60246,
    61129,
    61901,
    61935,
    61937,
    62336,
    62338,
    63700,
    63778,
    63780,
    63781,
    63786
  );

  script_name(english:"IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP port");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote application server may be affected by multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to
be running on the remote host and is, therefore, potentially affected by
the following vulnerabilities :

  - A flaw exists related to Apache Ant and file
    compression that could lead to denial of service
    conditions. (CVE-2012-2098 / PM90088)

  - Unspecified errors exist related to the administration
    console that could allow cross-site scripting attacks.
    (CVE-2013-0460 / PM72275, CVE-2013-5418 / PM96477,
    CVE-2013-5425 / PM93828)

  - Multiple errors exist related to the IBM Eclipse Help
    System that could allow cross-site scripting attacks
    and information disclosure attacks. (CVE-2013-0464,
    CVE-2013-0467, CVE-2013-0599 / PM89893)

  - An input validation flaw exists in the optional
    'mod_rewrite' module in the included IBM HTTP Server
    that could allow arbitrary command execution via
    HTTP requests containing certain escape sequences.
    (CVE-2013-1862 / PM87808)

  - A flaw exists related to the optional 'mod_dav'
    module in the included IBM HTTP Server that could
    allow denial of service conditions.
    (CVE-2013-1896 / PM89996)

  - A user-supplied input validation error exists that could
    allow cross-site request forgery (CSRF) attacks to be
    carried out. (CVE-2013-3029 / PM88746)

  - User-supplied input validation errors exist related to
    the administrative console that could allow cross-site
    scripting attacks.
    (CVE-2013-4004 / PM81571, CVE-2013-4005 / PM88208)

  - An unspecified permissions error exists that could
    allow a local attacker to obtain sensitive information.
    Note this issue only affects the 'Liberty Profile'.
    (CVE-2013-4006 / PM90472)

  - An input validation error exists related to the UDDI
    Administrative console that could allow cross-site
    scripting attacks. (CVE-2013-4052 / PM91892)

  - An attacker may gain elevated privileges because of
    improper certificate checks. WS-Security and XML Digital
    Signatures must be enabled. (CVE-2013-4053 / PM90949)

  - An error exists related to incorrect Administration
    Security roles and migrations from version 6.1.
    (CVE-2013-5414 / PM92313)

  - Unspecified input validation errors exist that could
    allow cross-site scripting attacks. (CVE-2013-5417 /
    PM93323 and PM93944)"
  );
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_exposure_in_ibm_http_server_cve_2013_1862_pm87808?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?187690fd");
  # Fix list
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8551");
  # Sec bulletin
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?&uid=swg21651880");
  script_set_attribute(attribute:"solution", value:"Apply Fix Pack 8.5.5.1 for version 8.5 (8.5.5.0) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("websphere_detect.nasl");
  script_require_ports("Services/www", 8880, 8881);
  script_require_keys("www/WebSphere");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:8880, embedded:0);

version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

if (version !~ "^8\.5([^0-9]|$)") audit(AUDIT_NOT_LISTEN, "IBM WebSphere Application Server 8.5", port);

if (version =~ "^[0-9]+(\.[0-9]+)?$") audit(AUDIT_VER_NOT_GRANULAR, "IBM WebSphere Application Server", port, version);

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  ver[0] == 8 &&
  ver[1] == 5 &&
  (
    ver[2] < 5
    ||
    (ver[2] == 5 && ver[3] < 1)
  )
)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 8.5.5.1' +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-5548.NASL
    descriptionRebase to upstream version 2.3 and add patch to fix CVE-2012-2098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-05-11
    plugin id66378
    published2013-05-11
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66378
    titleFedora 18 : plexus-archiver-2.3-1.fc18 (2013-5548)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-5548.
#

include("compat.inc");

if (description)
{
  script_id(66378);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-2098");
  script_bugtraq_id(53676);
  script_xref(name:"FEDORA", value:"2013-5548");

  script_name(english:"Fedora 18 : plexus-archiver-2.3-1.fc18 (2013-5548)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Rebase to upstream version 2.3 and add patch to fix CVE-2012-2098.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=951522"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?484a0607"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected plexus-archiver package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:plexus-archiver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC18", reference:"plexus-archiver-2.3-1.fc18")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "plexus-archiver");
}
  • NASL familyWeb Servers
    NASL idWEBSPHERE_6_1_0_47.NASL
    descriptionIBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A remote attacker can bypass authentication because of improper user validation on Linux, Solaris, and HP-UX platforms that use a LocalOS registry. (CVE-2013-0543, PM75582) - A denial of service can be caused by the way Apache Ant uses bzip2 to compress files. This can be exploited by a local attacker passing specially crafted input. (CVE-2012-2098, PM90088) - A local attacker can cause a denial of service on Windows platforms with a LocalOS registry using WebSphere Identity Manager. (CVE-2013-0541, PM74909) - Remote attackers can traverse directories by deploying a specially crafted application file to overwrite files outside of the application deployment directory. (CVE-2012-3305, PM62467) - The TLS protocol implementation is susceptible to plaintext-recovery attacks via statistical analysis of timing data for crafted packets. (CVE-2013-0169, PM85211) - Terminal escape sequences are not properly filtered from logs. Remote attackers could execute arbitrary commands via an HTTP request containing an escape sequence. (CVE-2013-1862, PM87808) - Improper validation of user input allows for cross-site request forgery. By persuading an authenticated user to visit a malicious website, a remote attacker could exploit this vulnerability to obtain sensitive information. (CVE-2012-4853, CVE-2013-3029, PM62920, PM88746) - Improper validation of user input in the administrative console allows for multiple cross-site scripting attacks. (CVE-2013-0458, CVE-2013-0459, CVE-2013-0461, CVE-2013-0542, CVE-2013-0596, CVE-2013-2967, CVE-2013-4005, CVE-2013-4052, PM71139, PM72536, PM71389, PM73445, PM78614, PM81846, PM88208, PM91892) - Improper validation of portlets in the administrative console allows for cross-site request forgery, which could allow an attacker to obtain sensitive information. (CVE-2013-0460, PM72275) - Remote, authenticated attackers can traverse directories on Linux and UNIX systems running the application. (CVE-2013-0544, PM82468) - A denial of service attack is possible if the optional mod_dav module is being used. (CVE-2013-1896, PM89996) - Sensitive information can be obtained by a local attacker because of incorrect caching by the administrative console. (CVE-2013-2976, PM79992) - An attacker may gain elevated privileges because of improper certificate checks. WS-Security and XML Digital Signatures must be enabled. (CVE-2013-4053, PM90949, PM91521) - Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. WebSphere is NOT vulnerable to this issue but the vendor suggests upgrading to be proactive. (CVE-2013-1768, PM86780, PM86786, PM86788, PM86791)
    last seen2020-06-01
    modified2020-06-02
    plugin id70022
    published2013-09-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70022
    titleIBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#




include("compat.inc");

if (description)
{
  script_id(70022);
  script_version("1.14");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id(
    "CVE-2012-2098",
    "CVE-2012-3305",
    "CVE-2012-4853",
    "CVE-2013-0169",
    "CVE-2013-0458",
    "CVE-2013-0459",
    "CVE-2013-0460",
    "CVE-2013-0461",
    "CVE-2013-0462",
    "CVE-2013-0541",
    "CVE-2013-0542",
    "CVE-2013-0543",
    "CVE-2013-0544",
    "CVE-2013-0596",
    "CVE-2013-1768",
    "CVE-2013-1862",
    "CVE-2013-1896",
    "CVE-2013-2967",
    "CVE-2013-2976",
    "CVE-2013-3029",
    "CVE-2013-4005",
    "CVE-2013-4052",
    "CVE-2013-4053"
  );
  script_bugtraq_id(
    53676,
    55678,
    56458,
    57508,
    57509,
    57510,
    57512,
    57513,
    57778,
    59247,
    59248,
    59250,
    59251,
    59826,
    60534,
    61129,
    61901,
    61937,
    61940,
    61941,
    62336,
    62338
  );

  script_name(english:"IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP port");

  script_set_attribute(attribute:"synopsis", value:
"The remote application server may be affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"IBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be
running on the remote host.  As such, it is potentially affected by the
following vulnerabilities :

  - A remote attacker can bypass authentication because of
    improper user validation on Linux, Solaris, and HP-UX
    platforms that use a LocalOS registry.
    (CVE-2013-0543, PM75582)

  - A denial of service can be caused by the way Apache
    Ant uses bzip2 to compress files. This can be exploited
    by a local attacker passing specially crafted input.
    (CVE-2012-2098, PM90088)

  - A local attacker can cause a denial of service on
    Windows platforms with a LocalOS registry using
    WebSphere Identity Manager. (CVE-2013-0541, PM74909)

  - Remote attackers can traverse directories by deploying
    a specially crafted application file to overwrite files
    outside of the application deployment directory.
    (CVE-2012-3305, PM62467)

  - The TLS protocol implementation is susceptible to
    plaintext-recovery attacks via statistical analysis of
    timing data for crafted packets. (CVE-2013-0169,
    PM85211)

  - Terminal escape sequences are not properly filtered from
    logs. Remote attackers could execute arbitrary commands
    via an HTTP request containing an escape sequence.
    (CVE-2013-1862, PM87808)

  - Improper validation of user input allows for cross-site
    request forgery. By persuading an authenticated user
    to visit a malicious website, a remote attacker could
    exploit this vulnerability to obtain sensitive
    information. (CVE-2012-4853, CVE-2013-3029, PM62920,
    PM88746)

  - Improper validation of user input in the administrative
    console allows for multiple cross-site scripting
    attacks. (CVE-2013-0458, CVE-2013-0459, CVE-2013-0461,
    CVE-2013-0542, CVE-2013-0596, CVE-2013-2967,
    CVE-2013-4005, CVE-2013-4052, PM71139, PM72536, PM71389,
    PM73445, PM78614, PM81846, PM88208, PM91892)

  - Improper validation of portlets in the administrative
    console allows for cross-site request forgery, which
    could allow an attacker to obtain sensitive information.
    (CVE-2013-0460, PM72275)

  - Remote, authenticated attackers can traverse directories
    on Linux and UNIX systems running the application.
    (CVE-2013-0544, PM82468)

  - A denial of service attack is possible if the optional
    mod_dav module is being used. (CVE-2013-1896, PM89996)

  - Sensitive information can be obtained by a local
    attacker because of incorrect caching by the
    administrative console. (CVE-2013-2976, PM79992)

  - An attacker may gain elevated privileges because of
    improper certificate checks. WS-Security and XML Digital
    Signatures must be enabled. (CVE-2013-4053, PM90949,
    PM91521)

  - Deserialization of a maliciously crafted OpenJPA object
    can result in an executable file being written to the
    file system. WebSphere is NOT vulnerable to this issue
    but the vendor suggests upgrading to be proactive.
    (CVE-2013-1768, PM86780, PM86786, PM86788, PM86791)");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_exposure_in_ibm_http_server_cve_2013_1862_pm87808?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?187690fd");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21647522");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24035508");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?&uid=swg27004980#ver61");
  script_set_attribute(attribute:"solution", value:
"If using WebSphere Application Server, apply Fix Pack 47 (6.1.0.47)
or later.

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0462");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_keys("www/WebSphere");
  script_require_ports("Services/www", 8880, 8881);

  exit(0);
}


include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:8880, embedded:0);


version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
if (version =~ "^[0-9]+(\.[0-9]+)?$")
  exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 47)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);

  if (report_verbosity > 0)
  {
    source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

    report =
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 6.1.0.47' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 53676 CVE ID: CVE-2012-2098 Apache Commons Compress库定义了一个API,可处理ar、cpio、Unix dump、tar、zip、gzip、XZ、Pack200、bzip2文件。Apache Ant,是一个将软件编译、测试、部署等步骤联系在一起加以自动化的一个工具,大多用于Java环境中的软件开发。 Apache Commons Compress 1.4.1之前版本在使用bzip2压缩文件时存在安全漏洞,可通过发送到BZip2CompressorOutputStream类的特制文件利用此漏洞消耗系统资源,造成拒绝服务。 0 Apache Group Commons Compress 1.4 Apache Group Commons Compress 1.0 Apache Group Ant 1.8.3 Apache Group Ant 1.6.2 Apache Group Ant 1.5 厂商补丁: Apache Group ------------ Apache Group已经为此发布了一个安全公告(Fixed in Apache Commons Compress 1.4.1)以及相应补丁: Fixed in Apache Commons Compress 1.4.1:Reporting New Security Problems with Apache Commons Compress 链接:http://commons.apache.org/compress/security.html
idSSV:60155
last seen2017-11-19
modified2012-05-25
published2012-05-25
reporterRoot
titleApache Commons Compress和Apache Ant拒绝服务漏洞

References