Vulnerabilities > CVE-2019-17531 - Deserialization of Untrusted Data vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
fasterxml
debian
redhat
oracle
netapp
CWE-502
critical
nessus

Summary

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

Vulnerable Configurations

Part Description Count
Application
Fasterxml
131
Application
Redhat
2
Application
Oracle
46
Application
Netapp
2
OS
Debian
1
OS
Redhat
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0160.NASL
    descriptionAn update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888) * jboss-cli: JBoss EAP: Vault system property security attribute value is revealed on CLI
    last seen2020-06-01
    modified2020-06-02
    plugin id133157
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133157
    titleRHEL 7 : JBoss EAP (RHSA-2020:0160)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0160. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133157);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/24");
    
      script_cve_id("CVE-2019-10219", "CVE-2019-14540", "CVE-2019-14885", "CVE-2019-14888", "CVE-2019-14892", "CVE-2019-14893", "CVE-2019-16335", "CVE-2019-16869", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17267", "CVE-2019-17531");
      script_xref(name:"RHSA", value:"2020:0160");
    
      script_name(english:"RHEL 7 : JBoss EAP (RHSA-2020:0160)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update is now available for Red Hat JBoss Enterprise Application
    Platform 7.2 for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
    applications based on the WildFly application runtime.
    
    This release of Red Hat JBoss Enterprise Application Platform 7.2.6
    serves as a replacement for Red Hat JBoss Enterprise Application
    Platform 7.2.5, and includes bug fixes and enhancements. See the Red
    Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for
    information about the most significant bug fixes and enhancements
    included in this release.
    
    Security Fix(es) :
    
    * undertow: possible Denial Of Service (DOS) in Undertow HTTP server
    listening on HTTPS (CVE-2019-14888)
    
    * jboss-cli: JBoss EAP: Vault system property security attribute value
    is revealed on CLI 'reload' command (CVE-2019-14885)
    
    * netty: HTTP request smuggling by mishandled whitespace before the
    colon in HTTP headers (CVE-2019-16869)
    
    * jackson-databind: polymorphic typing issue related to
    com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
    
    * jackson-databind: Serialization gadgets in classes of the
    commons-dbcp package (CVE-2019-16942)
    
    * jackson-databind: Serialization gadgets in classes of the
    commons-configuration package (CVE-2019-14892)
    
    * jackson-databind: polymorphic typing issue related to
    com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
    
    * jackson-databind: Serialization gadgets in classes of the p6spy
    package (CVE-2019-16943)
    
    * jackson-databind: polymorphic typing issue when enabling default
    typing for an externally exposed JSON endpoint and having
    apache-log4j-extra in the classpath leads to code execution
    (CVE-2019-17531)
    
    * jackson-databind: Serialization gadgets in classes of the xalan
    package (CVE-2019-14893)
    
    * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
    
    * jackson-databind: Serialization gadgets in classes of the ehcache
    package (CVE-2019-17267)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/documentation/en-us/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0160"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-10219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17531"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-services");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-validator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-validator-cdi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-dataformats-binary");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-dataformats-text");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jberet");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jberet-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jsf-api_2.3_spec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0160";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"eap7-jboss"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP");
    
      if (rpm_check(release:"RHEL7", reference:"eap7-apache-cxf-3.2.11-1.redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-apache-cxf-rt-3.2.11-1.redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-apache-cxf-services-3.2.11-1.redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-apache-cxf-tools-3.2.11-1.redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-glassfish-jsf-2.3.5-6.SP3_redhat_00004.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-hal-console-3.0.19-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-5.3.14-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-core-5.3.14-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-entitymanager-5.3.14-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-envers-5.3.14-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-java8-5.3.14-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-validator-6.0.18-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-hibernate-validator-cdi-6.0.18-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-annotations-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-core-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-databind-2.9.10.1-1.redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-dataformats-binary-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-dataformats-text-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-datatype-jdk8-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-datatype-jsr310-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-jaxrs-base-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-jaxrs-json-provider-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-module-jaxb-annotations-2.9.10-2.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-modules-base-2.9.10-2.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jackson-modules-java8-2.9.10-1.redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jberet-1.3.5-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jberet-core-1.3.5-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-ejb-client-4.0.27-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-jsf-api_2.3_spec-2.3.5-3.SP2_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-cli-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-core-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap6.4-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.0-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.1-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly10.0-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly10.1-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly11.0-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly12.0-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly13.0-server-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly14.0-server-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly8.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly9.0-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-jboss-xnio-base-3.7.6-3.SP2_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-netty-4.1.42-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-netty-all-4.1.42-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-bindings-2.5.5-21.SP12_redhat_00010.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-picketlink-wildfly8-2.5.5-21.SP12_redhat_00010.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-undertow-2.0.28-2.SP1_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-undertow-jastow-2.0.8-1.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-weld-core-3.0.6-3.Final_redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-weld-core-impl-3.0.6-3.Final_redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-weld-core-jsf-3.0.6-3.Final_redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-weld-ejb-3.0.6-3.Final_redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-weld-jta-3.0.6-3.Final_redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-weld-probe-core-3.0.6-3.Final_redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-weld-web-3.0.6-3.Final_redhat_00003.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-7.2.6-5.GA_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-http-client-common-1.0.18-2.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-http-ejb-client-1.0.18-2.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-http-naming-client-1.0.18-2.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-http-transaction-client-1.0.18-2.Final_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-java-jdk11-7.2.6-5.GA_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-java-jdk8-7.2.6-5.GA_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-javadocs-7.2.6-5.GA_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-modules-7.2.6-5.GA_redhat_00001.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"eap7-wildfly-transaction-client-1.1.8-1.Final_redhat_00001.1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "eap7-apache-cxf / eap7-apache-cxf-rt / eap7-apache-cxf-services / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2030.NASL
    descriptionMore deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id131963
    published2019-12-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131963
    titleDebian DLA-2030-1 : jackson-databind security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-2030-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131963);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/16");
    
      script_cve_id("CVE-2019-17267", "CVE-2019-17531");
    
      script_name(english:"Debian DLA-2030-1 : jackson-databind security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "More deserialization flaws were discovered in jackson-databind which
    could allow an unauthenticated user to perform remote code execution.
    The issue was resolved by extending the blacklist and blocking more
    classes from polymorphic deserialization.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    2.4.2-2+deb8u10.
    
    We recommend that you upgrade your jackson-databind packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/jackson-databind"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjackson2-databind-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjackson2-databind-java-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libjackson2-databind-java", reference:"2.4.2-2+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"libjackson2-databind-java-doc", reference:"2.4.2-2+deb8u10")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0159.NASL
    descriptionAn update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888) * jboss-cli: JBoss EAP: Vault system property security attribute value is revealed on CLI
    last seen2020-06-01
    modified2020-06-02
    plugin id133156
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133156
    titleRHEL 6 : JBoss EAP (RHSA-2020:0159)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0159. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133156);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/24");
    
      script_cve_id("CVE-2019-10219", "CVE-2019-14540", "CVE-2019-14885", "CVE-2019-14888", "CVE-2019-14892", "CVE-2019-14893", "CVE-2019-16335", "CVE-2019-16869", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17267", "CVE-2019-17531");
      script_xref(name:"RHSA", value:"2020:0159");
    
      script_name(english:"RHEL 6 : JBoss EAP (RHSA-2020:0159)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update is now available for Red Hat JBoss Enterprise Application
    Platform 7.2 for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
    applications based on the WildFly application runtime.
    
    This release of Red Hat JBoss Enterprise Application Platform 7.2.6
    serves as a replacement for Red Hat JBoss Enterprise Application
    Platform 7.2.5, and includes bug fixes and enhancements. See the Red
    Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for
    information about the most significant bug fixes and enhancements
    included in this release.
    
    Security Fix(es) :
    
    * undertow: possible Denial Of Service (DOS) in Undertow HTTP server
    listening on HTTPS (CVE-2019-14888)
    
    * jboss-cli: JBoss EAP: Vault system property security attribute value
    is revealed on CLI 'reload' command (CVE-2019-14885)
    
    * netty: HTTP request smuggling by mishandled whitespace before the
    colon in HTTP headers (CVE-2019-16869)
    
    * jackson-databind: polymorphic typing issue related to
    com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
    
    * jackson-databind: Serialization gadgets in classes of the
    commons-dbcp package (CVE-2019-16942)
    
    * jackson-databind: Serialization gadgets in classes of the
    commons-configuration package (CVE-2019-14892)
    
    * jackson-databind: polymorphic typing issue related to
    com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
    
    * jackson-databind: Serialization gadgets in classes of the p6spy
    package (CVE-2019-16943)
    
    * jackson-databind: polymorphic typing issue when enabling default
    typing for an externally exposed JSON endpoint and having
    apache-log4j-extra in the classpath leads to code execution
    (CVE-2019-17531)
    
    * jackson-databind: Serialization gadgets in classes of the xalan
    package (CVE-2019-14893)
    
    * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
    
    * jackson-databind: Serialization gadgets in classes of the ehcache
    package (CVE-2019-17267)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/documentation/en-us/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-10219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17531"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-services");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-validator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-validator-cdi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-dataformats-binary");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-dataformats-text");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jberet");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jberet-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jsf-api_2.3_spec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0159";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL6", rpm:"eap7-jboss"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP");
    
      if (rpm_check(release:"RHEL6", reference:"eap7-apache-cxf-3.2.11-1.redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-apache-cxf-rt-3.2.11-1.redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-apache-cxf-services-3.2.11-1.redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-apache-cxf-tools-3.2.11-1.redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-glassfish-jsf-2.3.5-6.SP3_redhat_00004.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-hal-console-3.0.19-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-hibernate-5.3.14-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-hibernate-core-5.3.14-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-hibernate-entitymanager-5.3.14-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-hibernate-envers-5.3.14-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-hibernate-java8-5.3.14-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-hibernate-validator-6.0.18-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-hibernate-validator-cdi-6.0.18-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-annotations-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-core-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-databind-2.9.10.1-1.redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-dataformats-binary-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-dataformats-text-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-datatype-jdk8-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-datatype-jsr310-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-jaxrs-base-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-jaxrs-json-provider-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-module-jaxb-annotations-2.9.10-2.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-modules-base-2.9.10-2.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jackson-modules-java8-2.9.10-1.redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jberet-1.3.5-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jberet-core-1.3.5-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-ejb-client-4.0.27-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-jsf-api_2.3_spec-2.3.5-3.SP2_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-cli-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-core-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-eap6.4-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-eap7.0-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-eap7.1-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly10.0-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly10.1-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly11.0-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly12.0-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly13.0-server-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly14.0-server-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly8.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly9.0-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-jboss-xnio-base-3.7.6-3.SP2_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-netty-4.1.42-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-netty-all-4.1.42-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-picketlink-bindings-2.5.5-21.SP12_redhat_00010.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-picketlink-wildfly8-2.5.5-21.SP12_redhat_00010.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-undertow-2.0.28-2.SP1_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-undertow-jastow-2.0.8-1.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-weld-core-3.0.6-3.Final_redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-weld-core-impl-3.0.6-3.Final_redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-weld-core-jsf-3.0.6-3.Final_redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-weld-ejb-3.0.6-3.Final_redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-weld-jta-3.0.6-3.Final_redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-weld-probe-core-3.0.6-3.Final_redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-weld-web-3.0.6-3.Final_redhat_00003.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-wildfly-7.2.6-5.GA_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-wildfly-http-client-common-1.0.18-2.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-wildfly-http-ejb-client-1.0.18-2.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-wildfly-http-naming-client-1.0.18-2.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-wildfly-http-transaction-client-1.0.18-2.Final_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-wildfly-javadocs-7.2.6-5.GA_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-wildfly-modules-7.2.6-5.GA_redhat_00001.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"eap7-wildfly-transaction-client-1.1.8-1.Final_redhat_00001.1.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "eap7-apache-cxf / eap7-apache-cxf-rt / eap7-apache-cxf-services / etc");
      }
    }
    
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_GATEWAY_CPU_APR_2020.NASL
    descriptionThe version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by the following vulnerabilities as referenced in the April 2020 CPU advisory: - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, this characteristic of the PropertyUtilsBean was not used by default. (CVE-2019-10086) - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. (CVE-2019-12402) - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. (CVE-2019-16943) - Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass. (CVE-2019-17195) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-08
    modified2020-04-15
    plugin id135583
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135583
    titleOracle Primavera Gateway (Apr 2020 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135583);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/06");
    
      script_cve_id(
        "CVE-2019-10086",
        "CVE-2019-12402",
        "CVE-2019-16942",
        "CVE-2019-16943",
        "CVE-2019-17195",
        "CVE-2019-17531"
      );
      script_xref(name:"IAVA", value:"2020-A-0140");
    
      script_name(english:"Oracle Primavera Gateway (Apr 2020 CPU)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is affected by multiple vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by
    the following vulnerabilities as referenced in the April 2020 CPU advisory:
    
      - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows
        suppressing the ability for an attacker to access the classloader via the class property available on all
        Java objects. However, this characteristic of the PropertyUtilsBean was not used by default.
        (CVE-2019-10086)
    
      - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an
        infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an
        attacker can choose the file names inside of an archive created by Compress. (CVE-2019-12402)
    
      - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default
        Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and
        the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint
        to access, it is possible to make the service execute a malicious payload. This issue exists because of
        com.p6spy.engine.spy.P6DataSource mishandling. (CVE-2019-16943)
    
      - Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which
        could result in an application crash (potential information disclosure) or a potential authentication
        bypass. (CVE-2019-17195)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the April 2020 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16943");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:primavera_gateway");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_primavera_gateway.nbin");
      script_require_keys("installed_sw/Oracle Primavera Gateway");
      script_require_ports("Services/www", 8006);
    
      exit(0);
    }
    
    include('http.inc');
    include('vcf.inc');
    
    get_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);
    
    port = get_http_port(default:8006);
    
    app_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);
    
    vcf::check_granularity(app_info:app_info, sig_segments:2);
    
    constraints = [
      { 'min_version' : '16.2.0',
        'max_version' : '16.2.11',
        'fixed_display' : 'Upgrade to the latest version or contact customer support for more information.'
      },
      { 'min_version' : '17.12.0', 'fixed_version' : '17.12.7' },
      { 'min_version' : '18.8.0',  'fixed_version' : '18.8.8.9' },
      { 'min_version' : '19.12.0', 'fixed_version' : '19.12.4' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0161.NASL
    descriptionAn update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888) * jboss-cli: JBoss EAP: Vault system property security attribute value is revealed on CLI
    last seen2020-06-01
    modified2020-06-02
    plugin id133158
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133158
    titleRHEL 8 : JBoss EAP (RHSA-2020:0161)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0161. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133158);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/24");
    
      script_cve_id("CVE-2019-10219", "CVE-2019-14540", "CVE-2019-14885", "CVE-2019-14888", "CVE-2019-14892", "CVE-2019-14893", "CVE-2019-16335", "CVE-2019-16869", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17267", "CVE-2019-17531");
      script_xref(name:"RHSA", value:"2020:0161");
    
      script_name(english:"RHEL 8 : JBoss EAP (RHSA-2020:0161)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update is now available for Red Hat JBoss Enterprise Application
    Platform 7.2 for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
    applications based on the WildFly application runtime.
    
    This release of Red Hat JBoss Enterprise Application Platform 7.2.6
    serves as a replacement for Red Hat JBoss Enterprise Application
    Platform 7.2.5, and includes bug fixes and enhancements. See the Red
    Hat JBoss Enterprise Application Platform 7.2.6 Release Notes for
    information about the most significant bug fixes and enhancements
    included in this release.
    
    Security Fix(es) :
    
    * undertow: possible Denial Of Service (DOS) in Undertow HTTP server
    listening on HTTPS (CVE-2019-14888)
    
    * jboss-cli: JBoss EAP: Vault system property security attribute value
    is revealed on CLI 'reload' command (CVE-2019-14885)
    
    * netty: HTTP request smuggling by mishandled whitespace before the
    colon in HTTP headers (CVE-2019-16869)
    
    * jackson-databind: polymorphic typing issue related to
    com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
    
    * jackson-databind: Serialization gadgets in classes of the
    commons-dbcp package (CVE-2019-16942)
    
    * jackson-databind: Serialization gadgets in classes of the
    commons-configuration package (CVE-2019-14892)
    
    * jackson-databind: polymorphic typing issue related to
    com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
    
    * jackson-databind: Serialization gadgets in classes of the p6spy
    package (CVE-2019-16943)
    
    * jackson-databind: polymorphic typing issue when enabling default
    typing for an externally exposed JSON endpoint and having
    apache-log4j-extra in the classpath leads to code execution
    (CVE-2019-17531)
    
    * jackson-databind: Serialization gadgets in classes of the xalan
    package (CVE-2019-14893)
    
    * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
    
    * jackson-databind: Serialization gadgets in classes of the ehcache
    package (CVE-2019-17267)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-10219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17531"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-services");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-validator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-validator-cdi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-dataformats-binary");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-dataformats-text");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jberet");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jberet-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jsf-api_2.3_spec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-weld-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0161";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL8", rpm:"eap7-jboss"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP");
    
      if (rpm_check(release:"RHEL8", reference:"eap7-apache-cxf-3.2.11-1.redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-apache-cxf-rt-3.2.11-1.redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-apache-cxf-services-3.2.11-1.redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-apache-cxf-tools-3.2.11-1.redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-glassfish-jsf-2.3.5-6.SP3_redhat_00004.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-hal-console-3.0.19-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-hibernate-5.3.14-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-hibernate-core-5.3.14-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-hibernate-entitymanager-5.3.14-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-hibernate-envers-5.3.14-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-hibernate-java8-5.3.14-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-hibernate-validator-6.0.18-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-hibernate-validator-cdi-6.0.18-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-annotations-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-core-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-databind-2.9.10.1-1.redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-dataformats-binary-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-dataformats-text-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-datatype-jdk8-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-datatype-jsr310-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-jaxrs-base-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-jaxrs-json-provider-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-module-jaxb-annotations-2.9.10-2.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-modules-base-2.9.10-2.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jackson-modules-java8-2.9.10-1.redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jberet-1.3.5-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jberet-core-1.3.5-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-ejb-client-4.0.27-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-jsf-api_2.3_spec-2.3.5-3.SP2_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-cli-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-core-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-eap6.4-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-eap7.0-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-eap7.1-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly10.0-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly10.1-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly11.0-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly12.0-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly13.0-server-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly14.0-server-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly8.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly9.0-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-7.Final_redhat_00007.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-jboss-xnio-base-3.7.6-3.SP2_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-netty-4.1.42-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-netty-all-4.1.42-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-picketlink-bindings-2.5.5-21.SP12_redhat_00010.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-picketlink-wildfly8-2.5.5-21.SP12_redhat_00010.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-undertow-2.0.28-2.SP1_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-undertow-jastow-2.0.8-1.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-weld-core-3.0.6-3.Final_redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-weld-core-impl-3.0.6-3.Final_redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-weld-core-jsf-3.0.6-3.Final_redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-weld-ejb-3.0.6-3.Final_redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-weld-jta-3.0.6-3.Final_redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-weld-probe-core-3.0.6-3.Final_redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-weld-web-3.0.6-3.Final_redhat_00003.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-wildfly-7.2.6-5.GA_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-wildfly-http-client-common-1.0.18-2.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-wildfly-http-ejb-client-1.0.18-2.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-wildfly-http-naming-client-1.0.18-2.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-wildfly-http-transaction-client-1.0.18-2.Final_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-wildfly-javadocs-7.2.6-5.GA_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-wildfly-modules-7.2.6-5.GA_redhat_00001.1.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"eap7-wildfly-transaction-client-1.1.8-1.Final_redhat_00001.1.el8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "eap7-apache-cxf / eap7-apache-cxf-rt / eap7-apache-cxf-services / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1644.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1644 advisory. - jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540) - jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335) - jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942) - jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943) - jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-04-28
    plugin id136041
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136041
    titleRHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2020:1644)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1644. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136041);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20");
    
      script_cve_id(
        "CVE-2019-14540",
        "CVE-2019-16335",
        "CVE-2019-16942",
        "CVE-2019-16943",
        "CVE-2019-17531"
      );
      script_xref(name:"RHSA", value:"2020:1644");
    
      script_name(english:"RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2020:1644)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1644 advisory.
    
      - jackson-databind: Serialization gadgets in
        com.zaxxer.hikari.HikariConfig (CVE-2019-14540)
    
      - jackson-databind: Serialization gadgets in
        com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
    
      - jackson-databind: Serialization gadgets in
        org.apache.commons.dbcp.datasources.* (CVE-2019-16942)
    
      - jackson-databind: Serialization gadgets in
        com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)
    
      - jackson-databind: Serialization gadgets in
        org.apache.log4j.receivers.db.* (CVE-2019-17531)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/502.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/502.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/502.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/502.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1644");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-14540");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16335");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16942");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16943");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-17531");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1755831");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1755849");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1758187");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1758191");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1775293");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17531");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(20, 200, 502);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bea-stax-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-fastinfoset");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb-runtime");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jaxb-txw2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jackson-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jackson-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jackson-databind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jackson-jaxrs-json-provider");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jackson-jaxrs-providers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jackson-module-jaxb-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-httpclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:javassist");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:javassist-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jss-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ldapjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ldapjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-base-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-core-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-kra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-servlet-4.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-servlet-engine");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-symkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pki-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-nss-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-pki");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:relaxngDatatype");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:resteasy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slf4j");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slf4j-jdk14");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:stax-ex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcatjss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:velocity");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xalan-j2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xerces-j2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xml-commons-apis");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xml-commons-resolver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xmlstreambuffer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xsom");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    appstreams = {
        'pki-deps:10.6': [
          {'reference':'apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'bea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'glassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'glassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'glassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25', 'release':'8'},
          {'reference':'jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25', 'release':'8'},
          {'reference':'jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25', 'release':'8'},
          {'reference':'jackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d', 'release':'8'},
          {'reference':'jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d', 'release':'8'},
          {'reference':'jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c', 'release':'8', 'epoch':'1'},
          {'reference':'javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'javassist-javadoc-3.18.1-8.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'pki-servlet-4.0-api-9.0.7-16.module+el8.1.0+3366+6dfb954c', 'release':'8', 'epoch':'1'},
          {'reference':'pki-servlet-engine-9.0.7-16.module+el8.1.0+3366+6dfb954c', 'release':'8', 'epoch':'1'},
          {'reference':'python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'aarch64', 'release':'8'},
          {'reference':'python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'s390x', 'release':'8'},
          {'reference':'python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'x86_64', 'release':'8'},
          {'reference':'python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'aarch64', 'release':'8'},
          {'reference':'python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'s390x', 'release':'8'},
          {'reference':'python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'x86_64', 'release':'8'},
          {'reference':'python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'aarch64', 'release':'8'},
          {'reference':'python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'s390x', 'release':'8'},
          {'reference':'python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c', 'cpu':'x86_64', 'release':'8'},
          {'reference':'relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'resteasy-3.0.26-3.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'stax-ex-1.7.7-8.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'velocity-1.7-24.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'xmlstreambuffer-1.5.4-8.module+el8.1.0+3366+6dfb954c', 'release':'8'},
          {'reference':'xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c', 'release':'8'}
        ],
        'pki-core:10.6': [
          {'reference':'jss-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'aarch64', 'release':'8'},
          {'reference':'jss-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'s390x', 'release':'8'},
          {'reference':'jss-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'x86_64', 'release':'8'},
          {'reference':'jss-debugsource-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'aarch64', 'release':'8'},
          {'reference':'jss-debugsource-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'s390x', 'release':'8'},
          {'reference':'jss-debugsource-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'x86_64', 'release':'8'},
          {'reference':'jss-javadoc-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'aarch64', 'release':'8'},
          {'reference':'jss-javadoc-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'s390x', 'release':'8'},
          {'reference':'jss-javadoc-4.6.2-4.module+el8.2.0+6123+b4678599', 'cpu':'x86_64', 'release':'8'},
          {'reference':'ldapjdk-4.21.0-2.module+el8.2.0+4573+c3c38c7b', 'release':'8'},
          {'reference':'ldapjdk-javadoc-4.21.0-2.module+el8.2.0+4573+c3c38c7b', 'release':'8'},
          {'reference':'pki-base-10.8.3-1.module+el8.2.0+5925+bad5981a', 'release':'8'},
          {'reference':'pki-base-java-10.8.3-1.module+el8.2.0+5925+bad5981a', 'release':'8'},
          {'reference':'pki-ca-10.8.3-1.module+el8.2.0+5925+bad5981a', 'release':'8'},
          {'reference':'pki-core-debugsource-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'aarch64', 'release':'8'},
          {'reference':'pki-core-debugsource-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'s390x', 'release':'8'},
          {'reference':'pki-core-debugsource-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'x86_64', 'release':'8'},
          {'reference':'pki-kra-10.8.3-1.module+el8.2.0+5925+bad5981a', 'release':'8'},
          {'reference':'pki-server-10.8.3-1.module+el8.2.0+5925+bad5981a', 'release':'8'},
          {'reference':'pki-symkey-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'aarch64', 'release':'8'},
          {'reference':'pki-symkey-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'s390x', 'release':'8'},
          {'reference':'pki-symkey-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'x86_64', 'release':'8'},
          {'reference':'pki-tools-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'aarch64', 'release':'8'},
          {'reference':'pki-tools-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'s390x', 'release':'8'},
          {'reference':'pki-tools-10.8.3-1.module+el8.2.0+5925+bad5981a', 'cpu':'x86_64', 'release':'8'},
          {'reference':'python3-pki-10.8.3-1.module+el8.2.0+5925+bad5981a', 'release':'8'},
          {'reference':'tomcatjss-7.4.1-2.module+el8.2.0+4573+c3c38c7b', 'release':'8'}
        ],
    };
    
    flag = 0;
    appstreams_found = 0;
    foreach module (keys(appstreams)) {
      appstream = NULL;
      appstream_name = NULL;
      appstream_version = NULL;
      appstream_split = split(module, sep:':', keep:FALSE);
      if (!empty_or_null(appstream_split)) {
        appstream_name = appstream_split[0];
        appstream_version = appstream_split[1];
        appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name);
      }
      if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
        appstreams_found++;
        foreach package_array ( appstreams[module] ) {
          reference = NULL;
          release = NULL;
          sp = NULL;
          cpu = NULL;
          el_string = NULL;
          rpm_spec_vers_cmp = NULL;
          epoch = NULL;
          if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
          if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
          if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
          if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
          if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
          if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
          if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
          if (reference && release) {
            if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
          }
        }
      }
    }
    
    if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module pki-core:10.6 / pki-deps:10.6');
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-collections / apache-commons-lang / bea-stax-api / etc');
    }
    

Redhat

advisories
  • bugzilla
    id1809210
    titleTPS installation failure on HSM machine
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentModule pki-deps:10.6 is enabled
            ovaloval:com.redhat.rhsa:tst:20191529069
          • OR
            • AND
              • commentpython3-nss is earlier than 0:1.0.1-10.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644001
              • commentpython3-nss is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529002
            • AND
              • commentpython-nss-doc is earlier than 0:1.0.1-10.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644003
              • commentpython-nss-doc is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529004
            • AND
              • commentpython-nss-debugsource is earlier than 0:1.0.1-10.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644005
              • commentpython-nss-debugsource is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529006
            • AND
              • commentxsom is earlier than 0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644007
              • commentxsom is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529008
            • AND
              • commentxmlstreambuffer is earlier than 0:1.5.4-8.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644009
              • commentxmlstreambuffer is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529010
            • AND
              • commentxml-commons-resolver is earlier than 0:1.2-26.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644011
              • commentxml-commons-resolver is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529012
            • AND
              • commentxml-commons-apis is earlier than 0:1.4.01-25.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644013
              • commentxml-commons-apis is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529014
            • AND
              • commentxerces-j2 is earlier than 0:2.11.0-34.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644015
              • commentxerces-j2 is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20110858006
            • AND
              • commentxalan-j2 is earlier than 0:2.7.1-38.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644017
              • commentxalan-j2 is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20140348013
            • AND
              • commentvelocity is earlier than 0:1.7-24.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644019
              • commentvelocity is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529020
            • AND
              • commentstax-ex is earlier than 0:1.7.7-8.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644021
              • commentstax-ex is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529022
            • AND
              • commentslf4j-jdk14 is earlier than 0:1.7.25-4.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644023
              • commentslf4j-jdk14 is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529024
            • AND
              • commentslf4j is earlier than 0:1.7.25-4.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644025
              • commentslf4j is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20180592002
            • AND
              • commentresteasy is earlier than 0:3.0.26-3.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644027
              • commentresteasy is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529028
            • AND
              • commentrelaxngDatatype is earlier than 0:2011.1-7.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644029
              • commentrelaxngDatatype is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529030
            • AND
              • commentpki-servlet-engine is earlier than 1:9.0.7-16.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644031
              • commentpki-servlet-engine is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20201644032
            • AND
              • commentpki-servlet-4.0-api is earlier than 1:9.0.7-16.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644033
              • commentpki-servlet-4.0-api is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529034
            • AND
              • commentjavassist-javadoc is earlier than 0:3.18.1-8.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644035
              • commentjavassist-javadoc is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529036
            • AND
              • commentjavassist is earlier than 0:3.18.1-8.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644037
              • commentjavassist is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529038
            • AND
              • commentjakarta-commons-httpclient is earlier than 1:3.1-28.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644039
              • commentjakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20130270017
            • AND
              • commentjackson-module-jaxb-annotations is earlier than 0:2.7.6-4.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644041
              • commentjackson-module-jaxb-annotations is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529042
            • AND
              • commentjackson-jaxrs-providers is earlier than 0:2.9.9-1.module+el8.1.0+3832+9784644d
                ovaloval:com.redhat.rhsa:tst:20201644043
              • commentjackson-jaxrs-providers is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529044
            • AND
              • commentjackson-jaxrs-json-provider is earlier than 0:2.9.9-1.module+el8.1.0+3832+9784644d
                ovaloval:com.redhat.rhsa:tst:20201644045
              • commentjackson-jaxrs-json-provider is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529046
            • AND
              • commentjackson-databind is earlier than 0:2.10.0-1.module+el8.2.0+5059+3eb3af25
                ovaloval:com.redhat.rhsa:tst:20201644047
              • commentjackson-databind is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529048
            • AND
              • commentjackson-core is earlier than 0:2.10.0-1.module+el8.2.0+5059+3eb3af25
                ovaloval:com.redhat.rhsa:tst:20201644049
              • commentjackson-core is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529050
            • AND
              • commentjackson-annotations is earlier than 0:2.10.0-1.module+el8.2.0+5059+3eb3af25
                ovaloval:com.redhat.rhsa:tst:20201644051
              • commentjackson-annotations is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529052
            • AND
              • commentglassfish-jaxb-txw2 is earlier than 0:2.2.11-11.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644053
              • commentglassfish-jaxb-txw2 is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529054
            • AND
              • commentglassfish-jaxb-runtime is earlier than 0:2.2.11-11.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644055
              • commentglassfish-jaxb-runtime is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529056
            • AND
              • commentglassfish-jaxb-core is earlier than 0:2.2.11-11.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644057
              • commentglassfish-jaxb-core is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529058
            • AND
              • commentglassfish-jaxb-api is earlier than 0:2.2.12-8.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644059
              • commentglassfish-jaxb-api is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529060
            • AND
              • commentglassfish-fastinfoset is earlier than 0:1.2.13-9.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644061
              • commentglassfish-fastinfoset is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529062
            • AND
              • commentbea-stax-api is earlier than 0:1.2.0-16.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644063
              • commentbea-stax-api is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529064
            • AND
              • commentapache-commons-lang is earlier than 0:2.6-21.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644065
              • commentapache-commons-lang is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20191529066
            • AND
              • commentapache-commons-collections is earlier than 0:3.2.2-10.module+el8.1.0+3366+6dfb954c
                ovaloval:com.redhat.rhsa:tst:20201644067
              • commentapache-commons-collections is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20152522006
        • AND
          • commentModule pki-core:10.6 is enabled
            ovaloval:com.redhat.rhsa:tst:20201644100
          • OR
            • AND
              • commentpki-tools is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644070
              • commentpki-tools is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20172335002
            • AND
              • commentpki-symkey is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644072
              • commentpki-symkey is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20130511022
            • AND
              • commentpki-core-debugsource is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644074
              • commentpki-core-debugsource is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20201644075
            • AND
              • commentjss-javadoc is earlier than 0:4.6.2-4.module+el8.2.0+6123+b4678599
                ovaloval:com.redhat.rhsa:tst:20201644076
              • commentjss-javadoc is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20193067002
            • AND
              • commentjss-debugsource is earlier than 0:4.6.2-4.module+el8.2.0+6123+b4678599
                ovaloval:com.redhat.rhsa:tst:20201644078
              • commentjss-debugsource is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20201644079
            • AND
              • commentjss is earlier than 0:4.6.2-4.module+el8.2.0+6123+b4678599
                ovaloval:com.redhat.rhsa:tst:20201644080
              • commentjss is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20193067004
            • AND
              • commenttomcatjss is earlier than 0:7.4.1-2.module+el8.2.0+4573+c3c38c7b
                ovaloval:com.redhat.rhsa:tst:20201644082
              • commenttomcatjss is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20201644083
            • AND
              • commentpython3-pki is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644084
              • commentpython3-pki is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20201644085
            • AND
              • commentpki-server is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644086
              • commentpki-server is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20172335016
            • AND
              • commentpki-kra is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644088
              • commentpki-kra is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20172335014
            • AND
              • commentpki-ca is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644090
              • commentpki-ca is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20130511004
            • AND
              • commentpki-base-java is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644092
              • commentpki-base-java is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20172335012
            • AND
              • commentpki-base is earlier than 0:10.8.3-1.module+el8.2.0+5925+bad5981a
                ovaloval:com.redhat.rhsa:tst:20201644094
              • commentpki-base is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20172335008
            • AND
              • commentldapjdk-javadoc is earlier than 0:4.21.0-2.module+el8.2.0+4573+c3c38c7b
                ovaloval:com.redhat.rhsa:tst:20201644096
              • commentldapjdk-javadoc is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20201644097
            • AND
              • commentldapjdk is earlier than 0:4.21.0-2.module+el8.2.0+4573+c3c38c7b
                ovaloval:com.redhat.rhsa:tst:20201644098
              • commentldapjdk is signed with Red Hat redhatrelease2 key
                ovaloval:com.redhat.rhsa:tst:20201644099
    rhsa
    idRHSA-2020:1644
    released2020-04-28
    severityModerate
    titleRHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)
  • rhsa
    idRHSA-2019:4192
  • rhsa
    idRHSA-2020:0159
  • rhsa
    idRHSA-2020:0160
  • rhsa
    idRHSA-2020:0161
  • rhsa
    idRHSA-2020:0164
  • rhsa
    idRHSA-2020:0445
rpms
  • rh-maven35-jackson-databind-0:2.7.6-2.8.el7
  • rh-maven35-jackson-databind-javadoc-0:2.7.6-2.8.el7
  • eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap
  • eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el6eap
  • eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el6eap
  • eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el6eap
  • eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap
  • eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el6eap
  • eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap
  • eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el6eap
  • eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap
  • eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap
  • eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap
  • eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el6eap
  • eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap
  • eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap
  • eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el6eap
  • eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap
  • eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap
  • eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el6eap
  • eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap
  • eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el6eap
  • eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap
  • eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap
  • eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap
  • eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el6eap
  • eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el6eap
  • eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el6eap
  • eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el6eap
  • eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el6eap
  • eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el6eap
  • eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap
  • eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el6eap
  • eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el6eap
  • eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el6eap
  • eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el6eap
  • eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el6eap
  • eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el6eap
  • eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap
  • eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap
  • eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el7eap
  • eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el7eap
  • eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el7eap
  • eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap
  • eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el7eap
  • eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap
  • eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el7eap
  • eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap
  • eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap
  • eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap
  • eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el7eap
  • eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap
  • eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap
  • eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el7eap
  • eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap
  • eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap
  • eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el7eap
  • eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap
  • eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el7eap
  • eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap
  • eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap
  • eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap
  • eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el7eap
  • eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el7eap
  • eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el7eap
  • eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el7eap
  • eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el7eap
  • eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el7eap
  • eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap
  • eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el7eap
  • eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el7eap
  • eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el7eap
  • eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el7eap
  • eap7-wildfly-java-jdk11-0:7.2.6-5.GA_redhat_00001.1.el7eap
  • eap7-wildfly-java-jdk8-0:7.2.6-5.GA_redhat_00001.1.el7eap
  • eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el7eap
  • eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el7eap
  • eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap
  • eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap
  • eap7-apache-cxf-rt-0:3.2.11-1.redhat_00001.1.el8eap
  • eap7-apache-cxf-services-0:3.2.11-1.redhat_00001.1.el8eap
  • eap7-apache-cxf-tools-0:3.2.11-1.redhat_00001.1.el8eap
  • eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap
  • eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-core-0:5.3.14-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-entitymanager-0:5.3.14-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-envers-0:5.3.14-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-java8-0:5.3.14-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-validator-cdi-0:6.0.18-1.Final_redhat_00001.1.el8eap
  • eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap
  • eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jackson-datatype-jdk8-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jackson-datatype-jsr310-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jackson-jaxrs-base-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jackson-jaxrs-json-provider-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jackson-module-jaxb-annotations-0:2.9.10-2.redhat_00003.1.el8eap
  • eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap
  • eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap
  • eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap
  • eap7-jberet-core-0:1.3.5-1.Final_redhat_00001.1.el8eap
  • eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap
  • eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap
  • eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-cli-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-core-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-eap6.4-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-eap7.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-eap7.1-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly10.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly10.1-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly11.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly12.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly8.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly9.0-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-7.Final_redhat_00007.1.el8eap
  • eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap
  • eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap
  • eap7-netty-all-0:4.1.42-1.Final_redhat_00001.1.el8eap
  • eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap
  • eap7-picketlink-wildfly8-0:2.5.5-21.SP12_redhat_00010.1.el8eap
  • eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap
  • eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap
  • eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap
  • eap7-weld-core-impl-0:3.0.6-3.Final_redhat_00003.1.el8eap
  • eap7-weld-core-jsf-0:3.0.6-3.Final_redhat_00003.1.el8eap
  • eap7-weld-ejb-0:3.0.6-3.Final_redhat_00003.1.el8eap
  • eap7-weld-jta-0:3.0.6-3.Final_redhat_00003.1.el8eap
  • eap7-weld-probe-core-0:3.0.6-3.Final_redhat_00003.1.el8eap
  • eap7-weld-web-0:3.0.6-3.Final_redhat_00003.1.el8eap
  • eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap
  • eap7-wildfly-http-client-common-0:1.0.18-2.Final_redhat_00001.1.el8eap
  • eap7-wildfly-http-ejb-client-0:1.0.18-2.Final_redhat_00001.1.el8eap
  • eap7-wildfly-http-naming-client-0:1.0.18-2.Final_redhat_00001.1.el8eap
  • eap7-wildfly-http-transaction-client-0:1.0.18-2.Final_redhat_00001.1.el8eap
  • eap7-wildfly-javadocs-0:7.2.6-5.GA_redhat_00001.1.el8eap
  • eap7-wildfly-modules-0:7.2.6-5.GA_redhat_00001.1.el8eap
  • eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap
  • apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c
  • apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c
  • bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c
  • glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c
  • glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c
  • glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
  • glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
  • glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
  • jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
  • jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
  • jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
  • jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d
  • jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d
  • jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c
  • jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c
  • javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c
  • javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c
  • jss-0:4.6.2-4.module+el8.2.0+6123+b4678599
  • jss-debuginfo-0:4.6.2-4.module+el8.2.0+6123+b4678599
  • jss-debugsource-0:4.6.2-4.module+el8.2.0+6123+b4678599
  • jss-javadoc-0:4.6.2-4.module+el8.2.0+6123+b4678599
  • ldapjdk-0:4.21.0-2.module+el8.2.0+4573+c3c38c7b
  • ldapjdk-javadoc-0:4.21.0-2.module+el8.2.0+4573+c3c38c7b
  • pki-base-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-base-java-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-ca-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-core-debuginfo-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-core-debugsource-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-kra-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-server-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c
  • pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c
  • pki-symkey-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-symkey-debuginfo-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-tools-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • pki-tools-debuginfo-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
  • python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
  • python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
  • python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
  • python3-pki-0:10.8.3-1.module+el8.2.0+5925+bad5981a
  • relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c
  • resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c
  • slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c
  • slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c
  • stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c
  • tomcatjss-0:7.4.1-2.module+el8.2.0+4573+c3c38c7b
  • velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c
  • xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c
  • xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c
  • xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c
  • xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c
  • xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c
  • xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c

References