Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2020-1432.NASL
HistoryJun 04, 2020 - 12:00 a.m.

Amazon Linux 2 : python (ALAS-2020-1432)

2020-06-0400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.5%

JSON

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852)

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.(CVE-2020-8492)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1432.
#

include('compat.inc');

if (description)
{
  script_id(137089);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");

  script_cve_id("CVE-2018-20852", "CVE-2020-8492");
  script_xref(name:"ALAS", value:"2020-1432");

  script_name(english:"Amazon Linux 2 : python (ALAS-2020-1432)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py
in Python before 3.7.3 does not correctly validate the domain: it can
be tricked into sending existing cookies to the wrong server. An
attacker may abuse this flaw by using a server with a hostname that
has another valid hostname as a suffix (e.g., pythonicexample.com to
steal cookies for example.com). When a program uses
http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an
attacker-controlled server, existing cookies can be leaked to the
attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x
before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before
3.7.3.(CVE-2018-20852)

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7
through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct
Regular Expression Denial of Service (ReDoS) attacks against a client
because of urllib.request.AbstractBasicAuthHandler catastrophic
backtracking.(CVE-2020-8492)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1432.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update python' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20852");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tkinter");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", reference:"python-2.7.18-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"python-debug-2.7.18-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"python-debuginfo-2.7.18-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"python-devel-2.7.18-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"python-libs-2.7.18-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"python-test-2.7.18-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"python-tools-2.7.18-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"tkinter-2.7.18-1.amzn2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debug / python-debuginfo / python-devel / etc");
}
VendorProductVersionCPE
amazonlinuxpythonp-cpe:/a:amazon:linux:python
amazonlinuxpython-debugp-cpe:/a:amazon:linux:python-debug
amazonlinuxpython-debuginfop-cpe:/a:amazon:linux:python-debuginfo
amazonlinuxpython-develp-cpe:/a:amazon:linux:python-devel
amazonlinuxpython-libsp-cpe:/a:amazon:linux:python-libs
amazonlinuxpython-testp-cpe:/a:amazon:linux:python-test
amazonlinuxpython-toolsp-cpe:/a:amazon:linux:python-tools
amazonlinuxtkinterp-cpe:/a:amazon:linux:tkinter
amazonlinux2cpe:/o:amazon:linux:2

Related

amazon 5
cloudlinux 2
openvas 44
nessus 80
redhatcve 2
debian 2
nvd 2
suse 3
osv 7
oraclelinux 8
ibm 4
ubuntucve 2
cvelist 2
prion 2
cve 2
veracode 2
debiancve 2
freebsd 3
fedora 10
gentoo 1
alpinelinux 1
redhat 6
centos 3
ubuntu 3
cloudfoundry 1
amazon
amazon
Medium: python
2020-06-01 22:38:00
Medium: python, python3
2020-07-31 19:22:00
Medium: python26
2020-07-27 23:54:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619
2021-10-05 14:07:59
Fix of CVE: CVE-2018-20852, CVE-2020-8492, CVE-2020-26116, CVE-2020-27619
2021-09-23 12:55:16
openvas
openvas
Debian: Security Advisory (DLA-1906-1)
2019-09-01 00:00:00
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-2259)
2020-01-23 00:00:00
Python < 2.7.17, 3.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.9, 3.7.x < 3.7.3 Cookie domain check returns incorrect results (bpo-35121) - Linux
2021-11-03 00:00:00
nessus
nessus
Debian DLA-1889-1 : python3.4 security update
2019-08-20 00:00:00
Oracle Linux 7 : python (ELSA-2019-4884)
2023-09-07 00:00:00
EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2259)
2019-11-08 00:00:00
redhatcve
redhatcve
CVE-2018-20852
2019-08-12 18:21:06
CVE-2020-8492
2020-03-02 11:41:02
debian
debian
[SECURITY] [DLA 1889-1] python3.4 security update
2019-08-17 17:55:32
[SECURITY] [DLA 1906-1] python2.7 security update
2019-08-31 21:23:20
nvd
nvd
CVE-2018-20852
2019-07-13 21:15:10
CVE-2020-8492
2020-01-30 19:15:12
suse
suse
Security update for python (moderate)
2019-08-23 00:00:00
Security update for python (moderate)
2019-08-23 00:00:00
Security update for python3 (moderate)
2020-03-01 00:00:00
osv
osv
python3.4 - security update
2019-08-17 00:00:00
CVE-2018-20852
2019-07-13 21:15:10
python2.7 - security update
2019-08-31 00:00:00
oraclelinux
oraclelinux
python security update
2019-12-13 00:00:00
python security update
2019-12-13 00:00:00
python security update
2019-12-20 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by an information disclosure vulnerability (CVE-2018-20852)
2020-07-23 21:37:15
Security Bulletin: Vulnerability in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492)
2021-04-27 20:49:26
Security Bulletin: Streams service for IBM Cloud Pak for Data might be affected by some underlying Python vulnerabilities
2021-06-16 19:01:03
ubuntucve
ubuntucve
CVE-2018-20852
2019-07-13 00:00:00
CVE-2020-8492
2020-01-30 00:00:00
cvelist
cvelist
CVE-2018-20852
2019-07-13 20:29:42
CVE-2020-8492
2020-01-30 00:00:00
prion
prion
Design/Logic Flaw
2019-07-13 21:15:00
Code injection
2020-01-30 19:15:00
cve
cve
CVE-2018-20852
2019-07-13 21:15:10
CVE-2020-8492
2020-01-30 19:15:12
veracode
veracode
Information Disclosure
2019-11-07 00:19:06
Denial Of Service (DoS)
2020-08-06 21:33:11
debiancve
debiancve
CVE-2018-20852
2019-07-13 21:15:10
CVE-2020-8492
2020-01-30 19:15:12
freebsd
freebsd
Python -- Regular Expression DoS attack against client
2019-11-17 00:00:00
tauthon -- Regular Expression Denial of Service
2020-01-30 00:00:00
Python -- multiple vulnerabilities
2019-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: python38-3.8.3-1.fc31
2020-05-29 02:27:10
[SECURITY] Fedora 32 Update: python3-3.8.3-1.fc32
2020-05-26 03:14:58
[SECURITY] Fedora 32 Update: python36-3.6.11-1.fc32
2020-07-04 01:14:28
gentoo
gentoo
Python: Denial of service
2020-05-14 00:00:00
alpinelinux
alpinelinux
CVE-2020-8492
2020-01-30 19:15:12
redhat
redhat
(RHSA-2019:3948) Moderate: python27-python security, bug fix, and enhancement update
2019-11-25 08:47:12
(RHSA-2020:1131) Moderate: python security update
2020-03-31 09:22:44
(RHSA-2020:1132) Moderate: python3 security update
2020-03-31 09:22:54
centos
centos
python, tkinter security update
2020-04-08 19:09:30
python3 security update
2020-04-08 19:10:03
python3 security update
2020-10-20 18:48:39
ubuntu
ubuntu
Python vulnerabilities
2020-04-21 00:00:00
Python vulnerabilities
2020-04-30 00:00:00
Python vulnerabilities
2021-12-17 00:00:00
cloudfoundry
cloudfoundry
USN-4333-1: Python vulnerabilities | Cloud Foundry
2020-05-14 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.5%

JSON
Related for AL2_ALAS-2020-1432.NASL
amazon5cloudlinux2openvas44nessus80redhatcve2debian2nvd2suse3osv7oraclelinux8ibm4ubuntucve2cvelist2prion2cve2veracode2debiancve2freebsd3fedora10gentoo1alpinelinux1redhat6centos3ubuntu3cloudfoundry1