CVE-2019-3816 - Path Traversal vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

Summary

Openwsman versions up to and including 2.6.9 are vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the openwsman server.

Vulnerable Configurations

Part         Description        Count
Application  Openwsman_Project  42
OS           Redhat             14
OS           Fedoraproject      3
OS           Opensuse           2

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and "dir", or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped encoding or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft a URL with a sequence of special characters which, once interpreted by the server, will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other formats of encoding such as UTF-8 encoding, Unicode encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0061_OPENWSMAN.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openwsman packages installed that are affected by a vulnerability: - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127254
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127254
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : openwsman Vulnerability (NS-SA-2019-0061)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0061. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127254);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/17 14:31:04");
    
      script_cve_id("CVE-2019-3816");
      script_bugtraq_id(107368);
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : openwsman Vulnerability (NS-SA-2019-0061)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by a vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openwsman packages installed that are affected
    by a vulnerability:
    
      - Openwsman, versions up to and including 2.6.9, are
        vulnerable to arbitrary file disclosure because the
        working directory of openwsmand daemon was set to root
        directory. A remote, unauthenticated attacker can
        exploit this vulnerability by sending a specially
        crafted HTTP request to openwsman server.
        (CVE-2019-3816)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0061");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL openwsman packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3816");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "libwsman-devel-2.6.3-6.git4391e5c.el7_6",
        "libwsman1-2.6.3-6.git4391e5c.el7_6",
        "openwsman-client-2.6.3-6.git4391e5c.el7_6",
        "openwsman-debuginfo-2.6.3-6.git4391e5c.el7_6",
        "openwsman-perl-2.6.3-6.git4391e5c.el7_6",
        "openwsman-python-2.6.3-6.git4391e5c.el7_6",
        "openwsman-ruby-2.6.3-6.git4391e5c.el7_6",
        "openwsman-server-2.6.3-6.git4391e5c.el7_6"
      ],
      "CGSL MAIN 5.04": [
        "libwsman-devel-2.6.3-6.git4391e5c.el7_6",
        "libwsman1-2.6.3-6.git4391e5c.el7_6",
        "openwsman-client-2.6.3-6.git4391e5c.el7_6",
        "openwsman-debuginfo-2.6.3-6.git4391e5c.el7_6",
        "openwsman-perl-2.6.3-6.git4391e5c.el7_6",
        "openwsman-python-2.6.3-6.git4391e5c.el7_6",
        "openwsman-ruby-2.6.3-6.git4391e5c.el7_6",
        "openwsman-server-2.6.3-6.git4391e5c.el7_6"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openwsman");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1111.NASL
    description: This update for openwsman fixes the following issues : Security issues fixed : - CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed : - Added OpenSSL 1.1 compatibility - Compilation in debug mode fixed - Directory listing without authentication fixed (bsc#1092206). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123658
    published: 2019-04-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123658
    title: openSUSE Security Update : openwsman (openSUSE-2019-1111)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1111.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123658);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2019-3816", "CVE-2019-3833");
    
      script_name(english:"openSUSE Security Update : openwsman (openSUSE-2019-1111)");
      script_summary(english:"Check for the openSUSE-2019-1111 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for openwsman fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2019-3816: Fixed a vulnerability in openwsmand
        deamon which could lead to arbitary file disclosure
        (bsc#1122623).
    
      - CVE-2019-3833: Fixed a vulnerability in
        process_connection() which could allow an attacker to
        trigger an infinite loop which leads to Denial of
        Service (bsc#1122623).
    
    Other issues addressed :
    
      - Added OpenSSL 1.1 compatibility
    
      - Compilation in debug mode fixed
    
      - Directory listing without authentication fixed
        (bsc#1092206).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122623"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openwsman packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman_clientpp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman_clientpp1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwsman_clientpp1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-ruby-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-server-plugin-ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openwsman-server-plugin-ruby-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-openwsman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-openwsman-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:winrs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libwsman-devel-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libwsman3-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libwsman3-debuginfo-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libwsman_clientpp-devel-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libwsman_clientpp1-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libwsman_clientpp1-debuginfo-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-debuginfo-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-debugsource-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-java-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-perl-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-perl-debuginfo-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-ruby-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-ruby-debuginfo-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-server-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-server-debuginfo-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-server-plugin-ruby-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"openwsman-server-plugin-ruby-debuginfo-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python3-openwsman-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python3-openwsman-debuginfo-2.6.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"winrs-2.6.7-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwsman-devel / libwsman3 / libwsman3-debuginfo / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1217.NASL
    description: This update for openwsman fixes the following issues : Security issues fixed : - CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed : - Directory listing without authentication fixed (bsc#1092206). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124108
    published: 2019-04-17
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124108
    title: openSUSE Security Update : openwsman (openSUSE-2019-1217)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1196.NASL
    description: Earlier versions of Openwsman are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124302
    published: 2019-04-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124302
    title: Amazon Linux 2 : openwsman (ALAS-2019-1196)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0972.NASL
    description: An update for openwsman is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Security Fix(es) : * openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124665
    published: 2019-05-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124665
    title: RHEL 8 : openwsman (RHSA-2019:0972)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2019-0638.NASL
    description: An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Security Fix(es) : * openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124414
    published: 2019-05-01
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124414
    title: CentOS 7 : openwsman (CESA-2019:0638)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-13981-1.NASL
    description: This update for openwsman fixes the following issues : Security issues fixed : CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure (bsc#1122623). CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122945
    published: 2019-03-19
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122945
    title: SUSE SLES11 Security Update : openwsman (SUSE-SU-2019:13981-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-348166F7FD.NASL
    description: Security fixes for CVE-2019-3816 and CVE-2019-3833 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123473
    published: 2019-03-29
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123473
    title: Fedora 28 : openwsman (2019-348166f7fd)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1329.NASL
    description: According to the version of the openwsman packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-05-06
    plugin id: 124615
    published: 2019-05-06
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124615
    title: EulerOS 2.0 SP2 : openwsman (EulerOS-SA-2019-1329)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1331.NASL
    description: According to the version of the openwsman packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-05-06
    plugin id: 124617
    published: 2019-05-06
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124617
    title: EulerOS 2.0 SP5 : openwsman (EulerOS-SA-2019-1331)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20190326_OPENWSMAN_ON_SL7_X.NASL
    description: Security Fix(es) : - openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816)
    last seen: 2020-03-18
    modified: 2019-03-27
    plugin id: 123147
    published: 2019-03-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123147
    title: Scientific Linux Security Update : openwsman on SL7.x x86_64 (20190326)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1330.NASL
    description: According to the version of the openwsman packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. (CVE-2019-3816) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-05-06
    plugin id: 124616
    published: 2019-05-06
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124616
    title: EulerOS 2.0 SP3 : openwsman (EulerOS-SA-2019-1330)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0656-1.NASL
    description: This update for openwsman fixes the following issues : Security issues fixed : CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure (bsc#1122623). CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122998
    published: 2019-03-21
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122998
    title: SUSE SLED12 / SLES12 Security Update : openwsman (SUSE-SU-2019:0656-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-0638.NASL
    description: From Red Hat Security Advisory 2019:0638 : An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Security Fix(es) : * openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123122
    published: 2019-03-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123122
    title: Oracle Linux 7 : openwsman (ELSA-2019-0638)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-AF0CD1B8F7.NASL
    description: Security fixes for CVE-2019-3816 and CVE-2019-3833. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124531
    published: 2019-05-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124531
    title: Fedora 30 : openwsman (2019-af0cd1b8f7)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0638.NASL
    description: An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Security Fix(es): * openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123123
    published: 2019-03-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123123
    title: RHEL 7 : openwsman (RHSA-2019:0638)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0654-1.NASL
    description: This update for openwsman fixes the following issues: Security issues fixed: CVE-2019-3816: Fixed a vulnerability in openwsmand daemon which could lead to arbitrary file disclosure (bsc#1122623). CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed: Added OpenSSL 1.1 compatibility; compilation in debug mode fixed; directory listing without authentication fixed (bsc#1092206). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122996
    published: 2019-03-21
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122996
    title: SUSE SLED15 / SLES15 Security Update : openwsman (SUSE-SU-2019:0654-1)

Redhat

advisories
  • bugzilla
    id: 1667070
    title: CVE-2019-3816 openwsman: Disclosure of arbitrary files outside of the registered URIs
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: libwsman1 is earlier than 0:2.6.3-6.git4391e5c.el7_6
            oval: oval:com.redhat.rhsa:tst:20190638001
          • comment: libwsman1 is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638002
        • AND
          • comment: openwsman-client is earlier than 0:2.6.3-6.git4391e5c.el7_6
            oval: oval:com.redhat.rhsa:tst:20190638003
          • comment: openwsman-client is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638004
        • AND
          • comment: openwsman-server is earlier than 0:2.6.3-6.git4391e5c.el7_6
            oval: oval:com.redhat.rhsa:tst:20190638005
          • comment: openwsman-server is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638006
        • AND
          • comment: openwsman-python is earlier than 0:2.6.3-6.git4391e5c.el7_6
            oval: oval:com.redhat.rhsa:tst:20190638007
          • comment: openwsman-python is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638008
        • AND
          • comment: libwsman-devel is earlier than 0:2.6.3-6.git4391e5c.el7_6
            oval: oval:com.redhat.rhsa:tst:20190638009
          • comment: libwsman-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638010
        • AND
          • comment: openwsman-ruby is earlier than 0:2.6.3-6.git4391e5c.el7_6
            oval: oval:com.redhat.rhsa:tst:20190638011
          • comment: openwsman-ruby is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638012
        • AND
          • comment: openwsman-perl is earlier than 0:2.6.3-6.git4391e5c.el7_6
            oval: oval:com.redhat.rhsa:tst:20190638013
          • comment: openwsman-perl is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638014
    rhsa
    id: RHSA-2019:0638
    released: 2019-03-26
    severity: Important
    title: RHSA-2019:0638: openwsman security update (Important)
  • bugzilla
    id: 1667070
    title: CVE-2019-3816 openwsman: Disclosure of arbitrary files outside of the registered URIs
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 8 is installed
        oval: oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment: openwsman-debugsource is earlier than 0:2.6.5-5.el8
            oval: oval:com.redhat.rhsa:tst:20190972001
          • comment: openwsman-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190972002
        • AND
          • comment: libwsman1 is earlier than 0:2.6.5-5.el8
            oval: oval:com.redhat.rhsa:tst:20190972003
          • comment: libwsman1 is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638002
        • AND
          • comment: openwsman-python3 is earlier than 0:2.6.5-5.el8
            oval: oval:com.redhat.rhsa:tst:20190972005
          • comment: openwsman-python3 is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190972006
        • AND
          • comment: openwsman-server is earlier than 0:2.6.5-5.el8
            oval: oval:com.redhat.rhsa:tst:20190972007
          • comment: openwsman-server is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638006
        • AND
          • comment: openwsman-client is earlier than 0:2.6.5-5.el8
            oval: oval:com.redhat.rhsa:tst:20190972009
          • comment: openwsman-client is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638004
        • AND
          • comment: libwsman-devel is earlier than 0:2.6.5-5.el8
            oval: oval:com.redhat.rhsa:tst:20190972011
          • comment: libwsman-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190638010
    rhsa
    id: RHSA-2019:0972
    released: 2019-05-07
    severity: Important
    title: RHSA-2019:0972: openwsman security update (Important)
rpms
  • libwsman-devel-0:2.6.3-6.git4391e5c.el7_6
  • libwsman1-0:2.6.3-6.git4391e5c.el7_6
  • openwsman-client-0:2.6.3-6.git4391e5c.el7_6
  • openwsman-debuginfo-0:2.6.3-6.git4391e5c.el7_6
  • openwsman-perl-0:2.6.3-6.git4391e5c.el7_6
  • openwsman-python-0:2.6.3-6.git4391e5c.el7_6
  • openwsman-ruby-0:2.6.3-6.git4391e5c.el7_6
  • openwsman-server-0:2.6.3-6.git4391e5c.el7_6
  • libwsman-devel-0:2.6.5-5.el8
  • libwsman1-0:2.6.5-5.el8
  • libwsman1-debuginfo-0:2.6.5-5.el8
  • openwsman-client-0:2.6.5-5.el8
  • openwsman-client-debuginfo-0:2.6.5-5.el8
  • openwsman-debuginfo-0:2.6.5-5.el8
  • openwsman-debugsource-0:2.6.5-5.el8
  • openwsman-perl-debuginfo-0:2.6.5-5.el8
  • openwsman-python3-0:2.6.5-5.el8
  • openwsman-python3-debuginfo-0:2.6.5-5.el8
  • openwsman-server-0:2.6.5-5.el8
  • openwsman-server-debuginfo-0:2.6.5-5.el8
  • rubygem-openwsman-debuginfo-0:2.6.5-5.el8