Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2013-169)

2013-09-0400:00:00

www.tenable.com

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

62.1%

JSON

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject’s Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5783)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2013-169.
#

include("compat.inc");

if (description)
{
  script_id(69728);
  script_version("1.5");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2012-5783");
  script_xref(name:"ALAS", value:"2013-169");
  script_xref(name:"RHSA", value:"2013:0270");

  script_name(english:"Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2013-169)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Jakarta Commons HttpClient component did not verify that the
server hostname matched the domain name in the subject's Common Name
(CN) or subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a
certificate that was valid for any domain name. (CVE-2012-5783)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2013-169.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update jakarta-commons-httpclient' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jakarta-commons-httpclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jakarta-commons-httpclient-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jakarta-commons-httpclient-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jakarta-commons-httpclient-manual");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"jakarta-commons-httpclient-3.1-12.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"jakarta-commons-httpclient-demo-3.1-12.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"jakarta-commons-httpclient-javadoc-3.1-12.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"jakarta-commons-httpclient-manual-3.1-12.6.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jakarta-commons-httpclient / jakarta-commons-httpclient-demo / etc");
}

VendorProductVersionCPE
amazonlinuxjakarta-commons-httpclientp-cpe:/a:amazon:linux:jakarta-commons-httpclient
amazonlinuxjakarta-commons-httpclient-demop-cpe:/a:amazon:linux:jakarta-commons-httpclient-demo
amazonlinuxjakarta-commons-httpclient-javadocp-cpe:/a:amazon:linux:jakarta-commons-httpclient-javadoc
amazonlinuxjakarta-commons-httpclient-manualp-cpe:/a:amazon:linux:jakarta-commons-httpclient-manual
amazonlinuxcpe:/o:amazon:linux

Vendor	Product	Version	CPE
amazon	linux	jakarta-commons-httpclient	p-cpe:/a:amazon:linux:jakarta-commons-httpclient
amazon	linux	jakarta-commons-httpclient-demo	p-cpe:/a:amazon:linux:jakarta-commons-httpclient-demo
amazon	linux	jakarta-commons-httpclient-javadoc	p-cpe:/a:amazon:linux:jakarta-commons-httpclient-javadoc
amazon	linux	jakarta-commons-httpclient-manual	p-cpe:/a:amazon:linux:jakarta-commons-httpclient-manual
amazon	linux		cpe:/o:amazon:linux