5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.8%
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
(CVE-2019-11236)
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome.
This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. (CVE-2019-11324)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1340.
#
include('compat.inc');
if (description)
{
script_id(133559);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/27");
script_cve_id("CVE-2019-11236", "CVE-2019-11324");
script_xref(name:"ALAS", value:"2020-1340");
script_name(english:"Amazon Linux AMI : python-pip (ALAS-2020-1340)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
script_set_attribute(attribute:"description", value:
"In the urllib3 library through 1.24.1 for Python, CRLF injection is
possible if the attacker controls the request parameter.
(CVE-2019-11236)
The urllib3 library before 1.24.2 for Python mishandles certain cases
where the desired set of CA certificates is different from the OS
store of CA certificates, which results in SSL connections succeeding
in situations where a verification failure is the correct outcome.
This is related to use of the ssl_context, ca_certs, or ca_certs_dir
argument. (CVE-2019-11324)");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1340.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update python-pip' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11324");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/15");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-pip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-pip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python34-pip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python35-pip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36-pip");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"python26-pip-9.0.3-1.27.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python27-pip-9.0.3-1.27.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python34-pip-9.0.3-1.27.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python35-pip-9.0.3-1.27.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python36-pip-9.0.3-1.27.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python26-pip / python27-pip / python34-pip / python35-pip / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
amazon | linux | python26-pip | p-cpe:/a:amazon:linux:python26-pip |
amazon | linux | python27-pip | p-cpe:/a:amazon:linux:python27-pip |
amazon | linux | python34-pip | p-cpe:/a:amazon:linux:python34-pip |
amazon | linux | python35-pip | p-cpe:/a:amazon:linux:python35-pip |
amazon | linux | python36-pip | p-cpe:/a:amazon:linux:python36-pip |
amazon | linux | cpe:/o:amazon:linux |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.8%