Vulnerabilities > CVE-2019-3816 - Path Traversal vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Relative Path Traversal An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
- Directory Traversal An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
- File System Function Injection, Content Based An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
- Using Slashes and URL Encoding Combined to Bypass Validation Logic This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
- Manipulating Input to File System Calls An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Nessus
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0061_OPENWSMAN.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openwsman packages installed that are affected by a vulnerability: - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127254 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127254 title NewStart CGSL CORE 5.04 / MAIN 5.04 : openwsman Vulnerability (NS-SA-2019-0061) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0061. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127254); script_version("1.2"); script_cvs_date("Date: 2019/10/17 14:31:04"); script_cve_id("CVE-2019-3816"); script_bugtraq_id(107368); script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : openwsman Vulnerability (NS-SA-2019-0061)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by a vulnerability."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openwsman packages installed that are affected by a vulnerability: - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0061"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL openwsman packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3816"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL CORE 5.04" && release !~ "CGSL MAIN 5.04") audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL CORE 5.04": [ "libwsman-devel-2.6.3-6.git4391e5c.el7_6", "libwsman1-2.6.3-6.git4391e5c.el7_6", "openwsman-client-2.6.3-6.git4391e5c.el7_6", "openwsman-debuginfo-2.6.3-6.git4391e5c.el7_6", "openwsman-perl-2.6.3-6.git4391e5c.el7_6", "openwsman-python-2.6.3-6.git4391e5c.el7_6", "openwsman-ruby-2.6.3-6.git4391e5c.el7_6", "openwsman-server-2.6.3-6.git4391e5c.el7_6" ], "CGSL MAIN 5.04": [ "libwsman-devel-2.6.3-6.git4391e5c.el7_6", "libwsman1-2.6.3-6.git4391e5c.el7_6", "openwsman-client-2.6.3-6.git4391e5c.el7_6", "openwsman-debuginfo-2.6.3-6.git4391e5c.el7_6", "openwsman-perl-2.6.3-6.git4391e5c.el7_6", "openwsman-python-2.6.3-6.git4391e5c.el7_6", "openwsman-ruby-2.6.3-6.git4391e5c.el7_6", "openwsman-server-2.6.3-6.git4391e5c.el7_6" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openwsman"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1111.NASL description This update for openwsman fixes the following issues : Security issues fixed : - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed : - Added OpenSSL 1.1 compatibility - Compilation in debug mode fixed - Directory listing without authentication fixed (bsc#1092206). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123658 published 2019-04-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123658 title openSUSE Security Update : openwsman (openSUSE-2019-1111) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1111. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(123658); script_version("1.2"); script_cvs_date("Date: 2020/01/27"); script_cve_id("CVE-2019-3816", "CVE-2019-3833"); script_name(english:"openSUSE Security Update : openwsman (openSUSE-2019-1111)"); script_summary(english:"Check for the openSUSE-2019-1111 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for openwsman fixes the following issues : Security issues fixed : - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed : - Added OpenSSL 1.1 compatibility - Compilation in debug mode fixed - Directory listing without authentication fixed (bsc#1092206). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092206" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122623" ); script_set_attribute( attribute:"solution", value:"Update the affected openwsman packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman_clientpp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman_clientpp1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman_clientpp1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-perl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-ruby-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-server-plugin-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-server-plugin-ruby-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-openwsman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-openwsman-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:winrs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"libwsman-devel-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libwsman3-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libwsman3-debuginfo-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libwsman_clientpp-devel-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libwsman_clientpp1-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libwsman_clientpp1-debuginfo-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-debuginfo-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-debugsource-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-java-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-perl-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-perl-debuginfo-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-ruby-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-ruby-debuginfo-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-server-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-server-debuginfo-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-server-plugin-ruby-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"openwsman-server-plugin-ruby-debuginfo-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"python3-openwsman-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"python3-openwsman-debuginfo-2.6.7-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"winrs-2.6.7-lp150.2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwsman-devel / libwsman3 / libwsman3-debuginfo / etc"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1217.NASL description This update for openwsman fixes the following issues : Security issues fixed : - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed : - Directory listing without authentication fixed (bsc#1092206). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 124108 published 2019-04-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124108 title openSUSE Security Update : openwsman (openSUSE-2019-1217) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1196.NASL description Earlier versions of Openwsman are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) last seen 2020-06-01 modified 2020-06-02 plugin id 124302 published 2019-04-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124302 title Amazon Linux 2 : openwsman (ALAS-2019-1196) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0972.NASL description An update for openwsman is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Security Fix(es) : * openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 124665 published 2019-05-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124665 title RHEL 8 : openwsman (RHSA-2019:0972) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0638.NASL description An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Security Fix(es) : * openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 124414 published 2019-05-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124414 title CentOS 7 : openwsman (CESA-2019:0638) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-13981-1.NASL description This update for openwsman fixes the following issues : Security issues fixed : CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122945 published 2019-03-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122945 title SUSE SLES11 Security Update : openwsman (SUSE-SU-2019:13981-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-348166F7FD.NASL description Security fixes for CVE-2019-3816 and CVE-2019-3833 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123473 published 2019-03-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123473 title Fedora 28 : openwsman (2019-348166f7fd) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1329.NASL description According to the version of the openwsman packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-06 plugin id 124615 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124615 title EulerOS 2.0 SP2 : openwsman (EulerOS-SA-2019-1329) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1331.NASL description According to the version of the openwsman packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-06 plugin id 124617 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124617 title EulerOS 2.0 SP5 : openwsman (EulerOS-SA-2019-1331) NASL family Scientific Linux Local Security Checks NASL id SL_20190326_OPENWSMAN_ON_SL7_X.NASL description Security Fix(es) : - openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) last seen 2020-03-18 modified 2019-03-27 plugin id 123147 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123147 title Scientific Linux Security Update : openwsman on SL7.x x86_64 (20190326) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1330.NASL description According to the version of the openwsman packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-05-06 plugin id 124616 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124616 title EulerOS 2.0 SP3 : openwsman (EulerOS-SA-2019-1330) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0656-1.NASL description This update for openwsman fixes the following issues : Security issues fixed : CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122998 published 2019-03-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122998 title SUSE SLED12 / SLES12 Security Update : openwsman (SUSE-SU-2019:0656-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0638.NASL description From Red Hat Security Advisory 2019:0638 : An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Security Fix(es) : * openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 123122 published 2019-03-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123122 title Oracle Linux 7 : openwsman (ELSA-2019-0638) NASL family Fedora Local Security Checks NASL id FEDORA_2019-AF0CD1B8F7.NASL description Security fixes for CVE-2019-3816 and CVE-2019-3833 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124531 published 2019-05-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124531 title Fedora 30 : openwsman (2019-af0cd1b8f7) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0638.NASL description An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Security Fix(es) : * openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 123123 published 2019-03-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123123 title RHEL 7 : openwsman (RHSA-2019:0638) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0654-1.NASL description This update for openwsman fixes the following issues : Security issues fixed : CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed: Added OpenSSL 1.1 compatibility Compilation in debug mode fixed Directory listing without authentication fixed (bsc#1092206). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122996 published 2019-03-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122996 title SUSE SLED15 / SLES15 Security Update : openwsman (SUSE-SU-2019:0654-1)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816
- http://bugzilla.suse.com/show_bug.cgi?id=1122623
- http://www.securityfocus.com/bid/107368
- http://www.securityfocus.com/bid/107409
- https://access.redhat.com/errata/RHSA-2019:0638
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html
- https://access.redhat.com/errata/RHSA-2019:0972
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/