Vulnerabilities > CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Fasterxml Fasterxml Jackson Databind 2.9.0 Fasterxml Jackson Databind 2.9.1 Fasterxml Jackson Databind 2.9.2 Fasterxml Jackson Databind 2.9.3 Fasterxml Jackson Databind 2.9.4 Fasterxml Jackson Databind 2.9.5 Fasterxml Jackson Databind 2.9.6 Fasterxml Jackson Databind 2.9.7 Fasterxml Jackson Databind 2.9.8 Fasterxml Jackson Databind 2.9.9 Fasterxml Jackson Databind 2.9.9.1 Fasterxml Jackson Databind 2.7.0 Fasterxml Jackson Databind 2.7.1 Fasterxml Jackson Databind 2.7.1-1 Fasterxml Jackson Databind 2.7.2 Fasterxml Jackson Databind 2.7.3 Fasterxml Jackson Databind 2.7.4 Fasterxml Jackson Databind 2.7.5 Fasterxml Jackson Databind 2.7.6 Fasterxml Jackson Databind 2.7.7 Fasterxml Jackson Databind 2.7.8 Fasterxml Jackson Databind 2.7.9 Fasterxml Jackson Databind 2.7.9.1 Fasterxml Jackson Databind 2.7.9.2 Fasterxml Jackson Databind 2.7.9.3 Fasterxml Jackson Databind 2.7.9.4 Fasterxml Jackson Databind 2.7.9.5 Fasterxml Jackson Databind 2.8.0 Fasterxml Jackson Databind 2.8.1 Fasterxml Jackson Databind 2.8.2 Fasterxml Jackson Databind 2.8.3 Fasterxml Jackson Databind 2.8.4 Fasterxml Jackson Databind 2.8.5 Fasterxml Jackson Databind 2.8.6 Fasterxml Jackson Databind 2.8.7 Fasterxml Jackson Databind 2.8.8 Fasterxml Jackson Databind 2.8.8.1 Fasterxml Jackson Databind 2.8.9 Fasterxml Jackson Databind 2.8.10 Fasterxml Jackson Databind 2.8.11 Fasterxml Jackson Databind 2.8.11.1 Fasterxml Jackson Databind 2.8.11.2 Fasterxml Jackson Databind 2.8.11.3 Fasterxml Jackson Databind 2.0.0 Fasterxml Jackson Databind 2.0.1 Fasterxml Jackson Databind 2.0.2 Fasterxml Jackson Databind 2.0.4 Fasterxml Jackson Databind 2.0.5 Fasterxml Jackson Databind 2.0.6 Fasterxml Jackson Databind 2.1.0 Fasterxml Jackson Databind 2.1.1 Fasterxml Jackson Databind 2.1.2 Fasterxml Jackson Databind 2.1.3 Fasterxml Jackson Databind 2.1.4 Fasterxml Jackson Databind 2.1.5 Fasterxml Jackson Databind 2.2.0 Fasterxml Jackson Databind 2.2.1 Fasterxml Jackson Databind 2.2.2 Fasterxml Jackson Databind 2.2.3 Fasterxml Jackson Databind 2.2.4 Fasterxml Jackson Databind 2.3.0 Fasterxml Jackson Databind 2.3.1 Fasterxml Jackson Databind 2.3.2 Fasterxml Jackson Databind 2.3.3 Fasterxml Jackson Databind 2.3.4 Fasterxml Jackson Databind 2.3.5 Fasterxml Jackson Databind 2.4.0 Fasterxml Jackson Databind 2.4.1 Fasterxml Jackson Databind 2.4.1.1 Fasterxml Jackson Databind 2.4.1.2 Fasterxml Jackson Databind 2.4.1.3 Fasterxml Jackson Databind 2.4.2 Fasterxml Jackson Databind 2.4.3 Fasterxml Jackson Databind 2.4.4 Fasterxml Jackson Databind 2.4.5 Fasterxml Jackson Databind 2.4.5.1 Fasterxml Jackson Databind 2.4.6 Fasterxml Jackson Databind 2.4.6.1 Fasterxml Jackson Databind 2.5.0 Fasterxml Jackson Databind 2.5.1 Fasterxml Jackson Databind 2.5.2 Fasterxml Jackson Databind 2.5.3 Fasterxml Jackson Databind 2.5.4 Fasterxml Jackson Databind 2.5.5 Fasterxml Jackson Databind 2.6.0 Fasterxml Jackson Databind 2.6.1 Fasterxml Jackson Databind 2.6.2 Fasterxml Jackson Databind 2.6.3 Fasterxml Jackson Databind 2.6.4 Fasterxml Jackson Databind 2.6.5 Fasterxml Jackson Databind 2.6.6 Fasterxml Jackson Databind 2.6.7 Fasterxml Jackson Databind 2.6.7.1 Fasterxml Jackson Databind 2.6.7.2	124
Application	Netapp Netapp Snapcenter - Netapp Oncommand Workflow Automation - Netapp Service Level Manager - Netapp Active IQ Unified Manager 7.3 Netapp Active IQ Unified Manager 9.5 Netapp Active IQ Unified Manager 9.6 Netapp Active IQ Unified Manager 9.10 Netapp Active IQ Unified Manager 9.11P1	14
Application	Redhat Redhat Jboss Enterprise Application Platform 7.2 Redhat Jboss Enterprise Application Platform 7.3 Redhat Openshift Container Platform 4.1 Redhat Openshift Container Platform 3.11 Redhat Single Sign ON 7.3	5
Application	Oracle Oracle Retail Xstore Point OF Service 15.0 Oracle Retail Xstore Point OF Service 7.1 Oracle Retail Xstore Point OF Service 16.0 Oracle Retail Xstore Point OF Service 17.0 Oracle Retail Xstore Point OF Service 18.0 Oracle Primavera Unifier 16.2 Oracle Primavera Unifier 16.1 Oracle Primavera Unifier 18.8 Oracle Primavera Unifier 17.7 Oracle Primavera Unifier 17.8 Oracle Primavera Unifier 17.9 Oracle Primavera Unifier 17.10 Oracle Primavera Unifier 17.11 Oracle Primavera Unifier 17.12 Oracle Banking Platform 2.4.0 Oracle Banking Platform 2.4.1 Oracle Banking Platform 2.5.0 Oracle Banking Platform 2.6.0 Oracle Banking Platform 2.6.1 Oracle Banking Platform 2.7.0 Oracle Banking Platform 2.7.1 Oracle JD Edwards Enterpriseone Tools 9.2 Oracle Primavera Gateway 16.2 Oracle Primavera Gateway 15.2 Oracle Primavera Gateway 17.12 Oracle Primavera Gateway 18.8.0 Oracle JD Edwards Enterpriseone Orchestrator 9.2 Oracle Retail Customer Management AND Segmentation Foundation 17.0 Oracle Siebel UI Framework - Oracle Siebel UI Framework 8.1.1 Oracle Siebel UI Framework 8.2.2 Oracle Siebel UI Framework 16.0 Oracle Siebel UI Framework 16.1 Oracle Siebel UI Framework 17.0 Oracle Siebel UI Framework 18.0 Oracle Siebel UI Framework 18.7 Oracle Siebel UI Framework 18.8 Oracle Siebel UI Framework 18.9 Oracle Siebel UI Framework 18.10 Oracle Siebel UI Framework 18.11 Oracle Siebel UI Framework 19.0 Oracle Siebel UI Framework 19.7 Oracle Siebel UI Framework 19.8 Oracle Siebel UI Framework 19.10 Oracle Goldengate Stream Analytics - Oracle Communications Diameter Signaling Router 8.2.1 Oracle Communications Diameter Signaling Router 8.0.0 Oracle Communications Diameter Signaling Router 8.1 Oracle Communications Diameter Signaling Router 8.2 Oracle Financial Services Analytical Applications Infrastructure 8.0.2 Oracle Financial Services Analytical Applications Infrastructure 8.0.2.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.2.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.2.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.3 Oracle Financial Services Analytical Applications Infrastructure 8.0.3.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.3.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.3.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.3.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.4 Oracle Financial Services Analytical Applications Infrastructure 8.0.4.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.4.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.4.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.4.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.4.4.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.4.5.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.5 Oracle Financial Services Analytical Applications Infrastructure 8.0.5.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.5.0.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.5.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.5.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.5.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.5.4.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.4.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.8 Oracle Siebel Engineering Installer & Deployment - Oracle Siebel Engineering Installer & Deployment 2.1.1 Oracle Siebel Engineering Installer & Deployment 2.20.5 Oracle Siebel Engineering Installer & Deployment 19.8 Oracle Communications Instant Messaging Server 10.0.1.3.0	89
Application	Apple Apple Xcode - Apple Xcode 1.5.0 Apple Xcode 2.0.0 Apple Xcode 2.1.0 Apple Xcode 2.2.0 Apple Xcode 2.3.0 Apple Xcode 2.4.0 Apple Xcode 2.4.1 Apple Xcode 3.1 Apple Xcode 3.1.1 Apple Xcode 3.1.2 Apple Xcode 3.1.3 Apple Xcode 3.1.4 Apple Xcode 3.2.1 Apple Xcode 3.2.2 Apple Xcode 3.2.3 Apple Xcode 3.2.4 Apple Xcode 3.2.5 Apple Xcode 4.0 Apple Xcode 4.0.1 Apple Xcode 4.0.2 Apple Xcode 4.1 Apple Xcode 4.1.1 Apple Xcode 4.2 Apple Xcode 4.2.1 Apple Xcode 4.3 Apple Xcode 4.3.1 Apple Xcode 4.3.2 Apple Xcode 4.3.3 Apple Xcode 4.4 Apple Xcode 4.4.1 Apple Xcode 4.5 Apple Xcode 4.5.1 Apple Xcode 4.5.2 Apple Xcode 4.6 Apple Xcode 4.6.1 Apple Xcode 4.6.2 Apple Xcode 4.6.3 Apple Xcode 5.0 Apple Xcode 5.0.1 Apple Xcode 5.0.2 Apple Xcode 5.1 Apple Xcode 5.1.1 Apple Xcode 6.0 Apple Xcode 6.0.1 Apple Xcode 6.1 Apple Xcode 6.1.1 Apple Xcode 6.2 Apple Xcode 6.3 Apple Xcode 6.3.1 Apple Xcode 6.3.2 Apple Xcode 6.4 Apple Xcode 7.0 Apple Xcode 7.0.1 Apple Xcode 7.1 Apple Xcode 7.1.1 Apple Xcode 7.2 Apple Xcode 7.2.1 Apple Xcode 7.3 Apple Xcode 7.3.1 Apple Xcode 8.0 Apple Xcode 8.1 Apple Xcode 8.2 Apple Xcode 8.2.1 Apple Xcode 8.3 Apple Xcode 8.3.1 Apple Xcode 8.3.2 Apple Xcode 8.3.3 Apple Xcode 9.0 Apple Xcode 9.0.1 Apple Xcode 9.1 Apple Xcode 9.2 Apple Xcode 9.3 Apple Xcode 9.3.1 Apple Xcode 9.4 Apple Xcode 9.4.1 Apple Xcode 10 Apple Xcode 11.0 Apple Xcode 11.2 Apple Xcode 11.3 Apple Xcode 12.0 Apple Xcode 12.4 Apple Xcode 12.5 Apple Xcode 12.5.1 Apple Xcode 13.0 Apple Xcode 13.1 Apple Xcode 13.2 Apple Xcode 13.2.1	89
OS	Debian Debian Debian Linux 8.0	1
OS	Fedoraproject Fedoraproject Fedora 29 Fedoraproject Fedora 30 Fedoraproject Fedora 31	3
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 8.0	3

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1879.NASL
description	Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	127821
published	2019-08-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127821
title	Debian DLA-1879-1 : jackson-databind security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1879-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(127821); script_version("1.2"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2019-14379", "CVE-2019-14439"); script_name(english:"Debian DLA-1879-1 : jackson-databind security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8 'Jessie', these problems have been fixed in version 2.4.2-2+deb8u8. We recommend that you upgrade your jackson-databind packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/jackson-databind" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjackson2-databind-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libjackson2-databind-java", reference:"2.4.2-2+deb8u8")) flag++; if (deb_check(release:"8.0", prefix:"libjackson2-databind-java-doc", reference:"2.4.2-2+deb8u8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2936.NASL
description	An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
last seen	2020-06-01
modified	2020-06-02
plugin id	129517
published	2019-10-02
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129517
title	RHEL 7 : JBoss EAP (RHSA-2019:2936)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:2936. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(129517); script_version("1.4"); script_cvs_date("Date: 2019/12/23"); script_cve_id("CVE-2019-10184", "CVE-2019-10202", "CVE-2019-10212", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379"); script_xref(name:"RHSA", value:"2019:2936"); script_name(english:"RHEL 7 : JBoss EAP (RHSA-2019:2936)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/documentation/en-us/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:2936" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-10184" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-10202" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-10212" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-12086" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-12384" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-12814" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14379" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jaxrs-api_2.1_spec"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logging"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-marshalling-river"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-msc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jgroups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-web"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2019:2936"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL7", rpm:"eap7-jboss"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP"); if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-cli-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-commons-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-core-client-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-dto-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-hornetq-protocol-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-hqclient-protocol-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-jdbc-store-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-jms-client-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-jms-server-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-journal-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-ra-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-selector-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-server-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-service-extensions-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-activemq-artemis-tools-2.9.0-1.redhat_00005.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-codehaus-jackson-1.9.13-9.redhat_00006.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-codehaus-jackson-core-asl-1.9.13-9.redhat_00006.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-codehaus-jackson-jaxrs-1.9.13-9.redhat_00006.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-codehaus-jackson-mapper-asl-1.9.13-9.redhat_00006.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-codehaus-jackson-xc-1.9.13-9.redhat_00006.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-glassfish-jsf-2.3.5-4.SP3_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-hal-console-3.0.16-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-5.3.11-2.SP1_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-core-5.3.11-2.SP1_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-entitymanager-5.3.11-2.SP1_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-envers-5.3.11-2.SP1_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-java8-5.3.11-2.SP1_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-cachestore-jdbc-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-cachestore-remote-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-client-hotrod-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-commons-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-core-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-hibernate-cache-commons-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-hibernate-cache-spi-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-infinispan-hibernate-cache-v53-9.3.7-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-common-api-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-common-impl-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-common-spi-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-core-api-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-core-impl-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-deployers-common-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-jdbc-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-ironjacamar-validator-1.4.17-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-annotations-2.9.9-1.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-core-2.9.9-1.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-databind-2.9.9.3-1.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-datatype-jdk8-2.9.9-1.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-datatype-jsr310-2.9.9-1.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-jaxrs-base-2.9.9-2.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-jaxrs-json-provider-2.9.9-2.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-module-jaxb-annotations-2.9.9-1.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-modules-base-2.9.9-1.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jackson-modules-java8-2.9.9-1.redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-ejb-client-4.0.23-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-jaxrs-api_2.1_spec-1.0.3-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-logging-3.3.3-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-logmanager-2.1.14-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-marshalling-2.0.9-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-marshalling-river-2.0.9-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-msc-1.4.8-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-remoting-5.0.14-1.SP1_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-cli-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-core-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap6.4-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.0-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.1-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly10.0-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly10.1-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly11.0-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly12.0-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly13.0-server-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly14.0-server-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly8.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly9.0-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-4.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jboss-xnio-base-3.7.3-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-jgroups-4.0.20-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-compensations-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-jbosstxbridge-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-jbossxts-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-jts-idlj-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-jts-integration-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-restat-api-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-restat-bridge-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-restat-integration-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-restat-util-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-narayana-txframework-5.9.6-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-netty-4.1.34-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-netty-all-4.1.34-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketbox-5.0.3-5.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketbox-infinispan-5.0.3-5.Final_redhat_00004.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-api-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-common-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-config-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-federation-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-impl-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00007.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-undertow-2.0.25-1.SP1_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-weld-core-3.0.6-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-weld-core-impl-3.0.6-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-weld-core-jsf-3.0.6-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-weld-ejb-3.0.6-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-weld-jta-3.0.6-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-weld-probe-core-3.0.6-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-weld-web-3.0.6-2.Final_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-7.2.4-1.GA_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-elytron-1.6.4-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-elytron-tool-1.4.3-1.Final_redhat_00001.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-java-jdk11-7.2.4-1.GA_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-java-jdk8-7.2.4-1.GA_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-javadocs-7.2.4-1.GA_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-modules-7.2.4-1.GA_redhat_00002.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-transaction-client-1.1.6-2.Final_redhat_00001.1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "eap7-activemq-artemis / eap7-activemq-artemis-cli / etc"); } }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-3046.NASL
description	New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	129865
published	2019-10-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129865
title	RHEL 8 : Red Hat Single Sign-On 7.3.4 (RHSA-2019:3046)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:3046. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(129865); script_version("1.4"); script_cvs_date("Date: 2019/12/19"); script_cve_id("CVE-2019-10184", "CVE-2019-12086", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14820", "CVE-2019-14832"); script_xref(name:"RHSA", value:"2019:3046"); script_name(english:"RHEL 8 : Red Hat Single Sign-On 7.3.4 (RHSA-2019:3046)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section." ); # https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?93d4a9a3" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:3046" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-10184" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-12086" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-12814" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14379" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14820" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14832" ); script_set_attribute( attribute:"solution", value: "Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2019:3046"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL8", reference:"rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el8sso")) flag++; if (rpm_check(release:"RHEL8", reference:"rh-sso7-keycloak-server-4.8.13-1.Final_redhat_00001.1.el8sso")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rh-sso7-keycloak / rh-sso7-keycloak-server"); } }

NASL family	CGI abuses
NASL id	ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2019.NASL
description	According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.15.10, or 17.7.x through 17.12.x prior to 17.12.11.1, or 18.8.x prior to 18.8.13.0. It is, therefore, affected by multiple vulnerabilities: - An unspecified flaw exists in how
last seen	2020-06-01
modified	2020-06-02
plugin id	130070
published	2019-10-21
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130070
title	Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(130070); script_version("1.2"); script_cvs_date("Date: 2019/10/30 13:24:46"); script_cve_id( "CVE-2017-12626", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-14379", "CVE-2019-14439" ); script_bugtraq_id(102879, 108023, 109227); script_xref(name:"IAVA", value:"2019-A-0380"); script_name(english:"Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)"); script_summary(english:"Checks the version of Oracle Primavera Unifier."); script_set_attribute(attribute:"synopsis", value: "An application running on the remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.15.10, or 17.7.x through 17.12.x prior to 17.12.11.1, or 18.8.x prior to 18.8.13.0. It is, therefore, affected by multiple vulnerabilities: - An unspecified flaw exists in how 'default typing' is handled when 'ehcache' is used in the jackson-databind component of Primavera Unifier. An unauthenticated, remote attacker can exploit this via the network over HTTP to cause remote code execution. (CVE-2019-14379) - An information disclosure vulnerability exists in the jackson-databind component of Primavera Unifier. An unauthenticated, remote attacker can exploit this via an externally exposed JSON endpoint if the service has the mysql-connector-java jar in the classpath, and the attacker can host a crafted MySQL server accessible by the victim. An attacker can send a crafted JSON message to read arbitrary local files on the server. (CVE-2019-12086) - An information disclosure vulnerability exists in the jackson-databind component of Primavera Unifier. An unauthenticated, remote attacker can exploit this via an externally exposed JSON endpoint if the service has the logback jar in the classpath, which can allow information disclosure. (CVE-2019-14439) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b370bc74"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle Primavera Unifier version 16.2.15.10 / 17.12.11.1 / 18.8.13.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14379"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/15"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/21"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:primavera_unifier"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_primavera_unifier.nbin"); script_require_keys("installed_sw/Oracle Primavera Unifier", "www/weblogic"); script_require_ports("Services/www", 8002); exit(0); } include('http.inc'); include('vcf.inc'); get_install_count(app_name:'Oracle Primavera Unifier', exit_if_zero:TRUE); port = get_http_port(default:8002); get_kb_item_or_exit('www/weblogic/' + port + '/installed'); app_info = vcf::get_app_info(app:'Oracle Primavera Unifier', port:port); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { 'min_version' : '16.1.0.0', 'fixed_version' : '16.2.15.10' }, { 'min_version' : '17.7.0.0', 'fixed_version' : '17.12.11.1' }, { 'min_version' : '18.8.0.0', 'fixed_version' : '18.8.13.0' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-3045.NASL
description	New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	129864
published	2019-10-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129864
title	RHEL 7 : Red Hat Single Sign-On 7.3.4 (RHSA-2019:3045)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:3045. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(129864); script_version("1.4"); script_cvs_date("Date: 2019/12/19"); script_cve_id("CVE-2019-10184", "CVE-2019-12086", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14820", "CVE-2019-14832"); script_xref(name:"RHSA", value:"2019:3045"); script_name(english:"RHEL 7 : Red Hat Single Sign-On 7.3.4 (RHSA-2019:3045)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section." ); # https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?93d4a9a3" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:3045" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-10184" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-12086" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-12814" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14379" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14820" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14832" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-libunix-dbus-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-libunix-dbus-java-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-libunix-dbus-java-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2019:3045"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", reference:"rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el7sso")) flag++; if (rpm_check(release:"RHEL7", reference:"rh-sso7-keycloak-server-4.8.13-1.Final_redhat_00001.1.el7sso")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-sso7-libunix-dbus-java-0.8.0-2.el7sso")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-sso7-libunix-dbus-java-debuginfo-0.8.0-2.el7sso")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-sso7-libunix-dbus-java-devel-0.8.0-2.el7sso")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rh-sso7-keycloak / rh-sso7-keycloak-server / etc"); } }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-99FF6AA32C.NASL
description	- Update jackson-databind to version 2.9.9.3. - Update jackson-core to version 2.9.9. - Update jackson-annotations to version 2.9.9. - Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	129634
published	2019-10-07
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129634
title	Fedora 31 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-99ff6aa32c)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2935.NASL
description	An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
last seen	2020-06-01
modified	2020-06-02
plugin id	129516
published	2019-10-02
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129516
title	RHEL 6 : JBoss EAP (RHSA-2019:2935)

NASL family	CGI abuses
NASL id	ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2019.NASL
description	According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in the FasterXML jackson-databind component, which is version 2.x prior to 2.9.9. This vulnerability is due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. An unauthenticated, remote attacker can exploit this by hosting a crafted MySQL server reachable by the victim and sending a crated JSON message that allows them to read arbitrary files and disclose sensitive information. (CVE-2019-12086) - Denial of service (DoS) vulnerabilities exist in the Apache POI component, which is prior to 3.1.7, due to a flaw when parsing crafted WMF, EMF, MSG, macros, DOC, PPT, and XLS. An unauthenticated, remote attacker can exploit this issue, via sending crafted input, to cause the application to stop responding. (CVE-2017-12626) - A remote code execution vulnerability exists in the FasterXML jackson-databind component, which is prior to 2.9.0.2, due to a flaw in how default typing is handled when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2019-14379) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	130019
published	2019-10-18
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130019
title	Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-FB23ECCC03.NASL
description	- Update jackson-databind to version 2.9.9.3. - Update jackson-core to version 2.9.9. - Update jackson-annotations to version 2.9.9. - Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	129113
published	2019-09-23
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129113
title	Fedora 29 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-fb23eccc03)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2937.NASL
description	An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
last seen	2020-06-01
modified	2020-06-02
plugin id	129518
published	2019-10-02
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129518
title	RHEL 8 : JBoss EAP (RHSA-2019:2937)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-3044.NASL
description	New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	129863
published	2019-10-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129863
title	RHEL 6 : Red Hat Single Sign-On 7.3.4 (RHSA-2019:3044)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-AE6A703B8F.NASL
description	- Update jackson-databind to version 2.9.9.3. - Update jackson-core to version 2.9.9. - Update jackson-annotations to version 2.9.9. - Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	129110
published	2019-09-23
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129110
title	Fedora 30 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-ae6a703b8f)

Redhat

advisories

rhsa
id RHBA-2019:2824
rhsa
id RHSA-2019:2743
rhsa
id RHSA-2019:2858
rhsa
id RHSA-2019:2935
rhsa
id RHSA-2019:2936
rhsa
id RHSA-2019:2937
rhsa
id RHSA-2019:2938
rhsa
id RHSA-2019:2998
rhsa
id RHSA-2019:3044
rhsa
id RHSA-2019:3045
rhsa
id RHSA-2019:3046
rhsa
id RHSA-2019:3050
rhsa
id RHSA-2019:3149
rhsa
id RHSA-2019:3200
rhsa
id RHSA-2019:3292
rhsa
id RHSA-2019:3297
rhsa
id RHSA-2019:3901
rhsa
id RHSA-2020:0727

rpms

rh-maven35-jackson-databind-0:2.7.6-2.7.el7
rh-maven35-jackson-databind-javadoc-0:2.7.6-2.7.el7
eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-cli-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-commons-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-core-client-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-dto-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-hornetq-protocol-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-hqclient-protocol-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-jdbc-store-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-jms-client-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-jms-server-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-journal-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-ra-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-selector-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-server-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-service-extensions-0:2.9.0-1.redhat_00005.1.el6eap
eap7-activemq-artemis-tools-0:2.9.0-1.redhat_00005.1.el6eap
eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el6eap
eap7-codehaus-jackson-core-asl-0:1.9.13-9.redhat_00006.1.el6eap
eap7-codehaus-jackson-jaxrs-0:1.9.13-9.redhat_00006.1.el6eap
eap7-codehaus-jackson-mapper-asl-0:1.9.13-9.redhat_00006.1.el6eap
eap7-codehaus-jackson-xc-0:1.9.13-9.redhat_00006.1.el6eap
eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el6eap
eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el6eap
eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el6eap
eap7-hibernate-core-0:5.3.11-2.SP1_redhat_00001.1.el6eap
eap7-hibernate-entitymanager-0:5.3.11-2.SP1_redhat_00001.1.el6eap
eap7-hibernate-envers-0:5.3.11-2.SP1_redhat_00001.1.el6eap
eap7-hibernate-java8-0:5.3.11-2.SP1_redhat_00001.1.el6eap
eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-infinispan-cachestore-jdbc-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-infinispan-cachestore-remote-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-infinispan-client-hotrod-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-infinispan-commons-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-infinispan-core-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-infinispan-hibernate-cache-commons-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-infinispan-hibernate-cache-spi-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-infinispan-hibernate-cache-v53-0:9.3.7-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-common-api-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-common-impl-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-common-spi-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-core-api-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-core-impl-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-deployers-common-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-jdbc-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-ironjacamar-validator-0:1.4.17-1.Final_redhat_00001.1.el6eap
eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el6eap
eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el6eap
eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el6eap
eap7-jackson-datatype-jdk8-0:2.9.9-1.redhat_00001.1.el6eap
eap7-jackson-datatype-jsr310-0:2.9.9-1.redhat_00001.1.el6eap
eap7-jackson-jaxrs-base-0:2.9.9-2.redhat_00001.1.el6eap
eap7-jackson-jaxrs-json-provider-0:2.9.9-2.redhat_00001.1.el6eap
eap7-jackson-module-jaxb-annotations-0:2.9.9-1.redhat_00001.1.el6eap
eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el6eap
eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el6eap
eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el6eap
eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el6eap
eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el6eap
eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el6eap
eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el6eap
eap7-jboss-marshalling-river-0:2.0.9-1.Final_redhat_00001.1.el6eap
eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el6eap
eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el6eap
eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-cli-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-core-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-eap6.4-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-eap7.0-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-eap7.1-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly10.0-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly10.1-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly11.0-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly12.0-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly8.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly9.0-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el6eap
eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el6eap
eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el6eap
eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-compensations-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-jbosstxbridge-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-jbossxts-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-jts-idlj-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-jts-integration-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-restat-api-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-restat-bridge-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-restat-integration-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-restat-util-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-narayana-txframework-0:5.9.6-1.Final_redhat_00001.1.el6eap
eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el6eap
eap7-netty-all-0:4.1.34-2.Final_redhat_00002.1.el6eap
eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el6eap
eap7-picketbox-infinispan-0:5.0.3-5.Final_redhat_00004.1.el6eap
eap7-picketlink-api-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-common-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-config-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-idm-api-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-idm-impl-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-idm-simple-schema-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-impl-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-picketlink-wildfly8-0:2.5.5-20.SP12_redhat_00007.1.el6eap
eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el6eap
eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el6eap
eap7-weld-core-impl-0:3.0.6-2.Final_redhat_00002.1.el6eap
eap7-weld-core-jsf-0:3.0.6-2.Final_redhat_00002.1.el6eap
eap7-weld-ejb-0:3.0.6-2.Final_redhat_00002.1.el6eap
eap7-weld-jta-0:3.0.6-2.Final_redhat_00002.1.el6eap
eap7-weld-probe-core-0:3.0.6-2.Final_redhat_00002.1.el6eap
eap7-weld-web-0:3.0.6-2.Final_redhat_00002.1.el6eap
eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el6eap
eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el6eap
eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el6eap
eap7-wildfly-javadocs-0:7.2.4-1.GA_redhat_00002.1.el6eap
eap7-wildfly-modules-0:7.2.4-1.GA_redhat_00002.1.el6eap
eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el6eap
eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-cli-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-commons-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-core-client-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-dto-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-hornetq-protocol-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-hqclient-protocol-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-jdbc-store-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-jms-client-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-jms-server-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-journal-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-ra-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-selector-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-server-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-service-extensions-0:2.9.0-1.redhat_00005.1.el7eap
eap7-activemq-artemis-tools-0:2.9.0-1.redhat_00005.1.el7eap
eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el7eap
eap7-codehaus-jackson-core-asl-0:1.9.13-9.redhat_00006.1.el7eap
eap7-codehaus-jackson-jaxrs-0:1.9.13-9.redhat_00006.1.el7eap
eap7-codehaus-jackson-mapper-asl-0:1.9.13-9.redhat_00006.1.el7eap
eap7-codehaus-jackson-xc-0:1.9.13-9.redhat_00006.1.el7eap
eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el7eap
eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el7eap
eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el7eap
eap7-hibernate-core-0:5.3.11-2.SP1_redhat_00001.1.el7eap
eap7-hibernate-entitymanager-0:5.3.11-2.SP1_redhat_00001.1.el7eap
eap7-hibernate-envers-0:5.3.11-2.SP1_redhat_00001.1.el7eap
eap7-hibernate-java8-0:5.3.11-2.SP1_redhat_00001.1.el7eap
eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-infinispan-cachestore-jdbc-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-infinispan-cachestore-remote-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-infinispan-client-hotrod-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-infinispan-commons-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-infinispan-core-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-infinispan-hibernate-cache-commons-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-infinispan-hibernate-cache-spi-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-infinispan-hibernate-cache-v53-0:9.3.7-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-common-api-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-common-impl-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-common-spi-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-core-api-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-core-impl-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-deployers-common-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-jdbc-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-ironjacamar-validator-0:1.4.17-1.Final_redhat_00001.1.el7eap
eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el7eap
eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el7eap
eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el7eap
eap7-jackson-datatype-jdk8-0:2.9.9-1.redhat_00001.1.el7eap
eap7-jackson-datatype-jsr310-0:2.9.9-1.redhat_00001.1.el7eap
eap7-jackson-jaxrs-base-0:2.9.9-2.redhat_00001.1.el7eap
eap7-jackson-jaxrs-json-provider-0:2.9.9-2.redhat_00001.1.el7eap
eap7-jackson-module-jaxb-annotations-0:2.9.9-1.redhat_00001.1.el7eap
eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el7eap
eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el7eap
eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el7eap
eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el7eap
eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el7eap
eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el7eap
eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el7eap
eap7-jboss-marshalling-river-0:2.0.9-1.Final_redhat_00001.1.el7eap
eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el7eap
eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el7eap
eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-cli-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-core-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-eap6.4-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-eap7.0-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-eap7.1-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly10.0-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly10.1-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly11.0-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly12.0-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly8.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly9.0-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el7eap
eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el7eap
eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el7eap
eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-compensations-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-jbosstxbridge-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-jbossxts-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-jts-idlj-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-jts-integration-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-restat-api-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-restat-bridge-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-restat-integration-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-restat-util-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-narayana-txframework-0:5.9.6-1.Final_redhat_00001.1.el7eap
eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el7eap
eap7-netty-all-0:4.1.34-2.Final_redhat_00002.1.el7eap
eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el7eap
eap7-picketbox-infinispan-0:5.0.3-5.Final_redhat_00004.1.el7eap
eap7-picketlink-api-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-common-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-config-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-idm-api-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-idm-impl-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-idm-simple-schema-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-impl-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-picketlink-wildfly8-0:2.5.5-20.SP12_redhat_00007.1.el7eap
eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el7eap
eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el7eap
eap7-weld-core-impl-0:3.0.6-2.Final_redhat_00002.1.el7eap
eap7-weld-core-jsf-0:3.0.6-2.Final_redhat_00002.1.el7eap
eap7-weld-ejb-0:3.0.6-2.Final_redhat_00002.1.el7eap
eap7-weld-jta-0:3.0.6-2.Final_redhat_00002.1.el7eap
eap7-weld-probe-core-0:3.0.6-2.Final_redhat_00002.1.el7eap
eap7-weld-web-0:3.0.6-2.Final_redhat_00002.1.el7eap
eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el7eap
eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el7eap
eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el7eap
eap7-wildfly-java-jdk11-0:7.2.4-1.GA_redhat_00002.1.el7eap
eap7-wildfly-java-jdk8-0:7.2.4-1.GA_redhat_00002.1.el7eap
eap7-wildfly-javadocs-0:7.2.4-1.GA_redhat_00002.1.el7eap
eap7-wildfly-modules-0:7.2.4-1.GA_redhat_00002.1.el7eap
eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el7eap
eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-cli-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-commons-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-core-client-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-dto-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-hornetq-protocol-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-hqclient-protocol-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-jdbc-store-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-jms-client-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-jms-server-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-journal-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-ra-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-selector-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-server-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-service-extensions-0:2.9.0-1.redhat_00005.1.el8eap
eap7-activemq-artemis-tools-0:2.9.0-1.redhat_00005.1.el8eap
eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el8eap
eap7-codehaus-jackson-core-asl-0:1.9.13-9.redhat_00006.1.el8eap
eap7-codehaus-jackson-jaxrs-0:1.9.13-9.redhat_00006.1.el8eap
eap7-codehaus-jackson-mapper-asl-0:1.9.13-9.redhat_00006.1.el8eap
eap7-codehaus-jackson-xc-0:1.9.13-9.redhat_00006.1.el8eap
eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el8eap
eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el8eap
eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el8eap
eap7-hibernate-core-0:5.3.11-2.SP1_redhat_00001.1.el8eap
eap7-hibernate-entitymanager-0:5.3.11-2.SP1_redhat_00001.1.el8eap
eap7-hibernate-envers-0:5.3.11-2.SP1_redhat_00001.1.el8eap
eap7-hibernate-java8-0:5.3.11-2.SP1_redhat_00001.1.el8eap
eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-infinispan-cachestore-jdbc-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-infinispan-cachestore-remote-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-infinispan-client-hotrod-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-infinispan-commons-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-infinispan-core-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-infinispan-hibernate-cache-commons-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-infinispan-hibernate-cache-spi-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-infinispan-hibernate-cache-v53-0:9.3.7-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-common-api-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-common-impl-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-common-spi-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-core-api-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-core-impl-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-deployers-common-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-jdbc-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-ironjacamar-validator-0:1.4.17-1.Final_redhat_00001.1.el8eap
eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el8eap
eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el8eap
eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el8eap
eap7-jackson-datatype-jdk8-0:2.9.9-1.redhat_00001.1.el8eap
eap7-jackson-datatype-jsr310-0:2.9.9-1.redhat_00001.1.el8eap
eap7-jackson-jaxrs-base-0:2.9.9-2.redhat_00001.1.el8eap
eap7-jackson-jaxrs-json-provider-0:2.9.9-2.redhat_00001.1.el8eap
eap7-jackson-module-jaxb-annotations-0:2.9.9-1.redhat_00001.1.el8eap
eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el8eap
eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el8eap
eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el8eap
eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el8eap
eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el8eap
eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el8eap
eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el8eap
eap7-jboss-marshalling-river-0:2.0.9-1.Final_redhat_00001.1.el8eap
eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el8eap
eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el8eap
eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-cli-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-core-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-eap6.4-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-eap7.0-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-eap7.1-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly10.0-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly10.1-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly11.0-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly12.0-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly8.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly9.0-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-4.Final_redhat_00004.1.el8eap
eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el8eap
eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el8eap
eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-compensations-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-jbosstxbridge-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-jbossxts-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-jts-idlj-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-jts-integration-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-restat-api-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-restat-bridge-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-restat-integration-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-restat-util-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-narayana-txframework-0:5.9.6-1.Final_redhat_00001.1.el8eap
eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el8eap
eap7-netty-all-0:4.1.34-2.Final_redhat_00002.1.el8eap
eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el8eap
eap7-picketbox-infinispan-0:5.0.3-5.Final_redhat_00004.1.el8eap
eap7-picketlink-api-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-common-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-config-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-idm-api-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-idm-impl-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-idm-simple-schema-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-impl-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-picketlink-wildfly8-0:2.5.5-20.SP12_redhat_00007.1.el8eap
eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el8eap
eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el8eap
eap7-weld-core-impl-0:3.0.6-2.Final_redhat_00002.1.el8eap
eap7-weld-core-jsf-0:3.0.6-2.Final_redhat_00002.1.el8eap
eap7-weld-ejb-0:3.0.6-2.Final_redhat_00002.1.el8eap
eap7-weld-jta-0:3.0.6-2.Final_redhat_00002.1.el8eap
eap7-weld-probe-core-0:3.0.6-2.Final_redhat_00002.1.el8eap
eap7-weld-web-0:3.0.6-2.Final_redhat_00002.1.el8eap
eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el8eap
eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el8eap
eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el8eap
eap7-wildfly-javadocs-0:7.2.4-1.GA_redhat_00002.1.el8eap
eap7-wildfly-modules-0:7.2.4-1.GA_redhat_00002.1.el8eap
eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el8eap
rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el6sso
rh-sso7-keycloak-server-0:4.8.13-1.Final_redhat_00001.1.el6sso
rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el7sso
rh-sso7-keycloak-server-0:4.8.13-1.Final_redhat_00001.1.el7sso
rh-sso7-libunix-dbus-java-0:0.8.0-2.el7sso
rh-sso7-libunix-dbus-java-debuginfo-0:0.8.0-2.el7sso
rh-sso7-libunix-dbus-java-devel-0:0.8.0-2.el7sso
rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el8sso
rh-sso7-keycloak-server-0:4.8.13-1.Final_redhat_00001.1.el8sso

Vulnerabilities > CVE-2019-14379 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2019-14379"}]}

Summary

Vulnerable Configurations

Nessus

Redhat

References

Vulnerabilities > CVE-2019-14379