Lucene search
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.FEDORA_2015-4726.NASLHistoryApr 22, 2015 - 12:00 a.m.
Fedora 22 : cxf-2.7.11-1.fc22 / cxf-build-utils-2.6.0-1.fc22 / cxf-xjc-utils-2.6.2-1.fc22 / etc (2015-4726)
2015-04-2200:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
17
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
56.9%
CXF upgrade to 2.7.11.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-4726.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(82944);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2014-0034");
script_xref(name:"FEDORA", value:"2015-4726");
script_name(english:"Fedora 22 : cxf-2.7.11-1.fc22 / cxf-build-utils-2.6.0-1.fc22 / cxf-xjc-utils-2.6.2-1.fc22 / etc (2015-4726)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"CXF upgrade to 2.7.11.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1093529"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155256.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?4dc051dc"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155257.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?282e10d9"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155258.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?cba28eaa"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155259.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?37cce53c"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155260.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?362ad971"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cxf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cxf-build-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cxf-xjc-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jboss-connector-1.6-api");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:opensaml-java-xmltooling");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/22");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC22", reference:"cxf-2.7.11-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"cxf-build-utils-2.6.0-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"cxf-xjc-utils-2.6.2-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"jboss-connector-1.6-api-1.0.1-1.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"opensaml-java-xmltooling-1.3.4-9.fc22")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cxf / cxf-build-utils / cxf-xjc-utils / jboss-connector-1.6-api / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | cxf | p-cpe:/a:fedoraproject:fedora:cxf |
| fedoraproject | fedora | cxf-build-utils | p-cpe:/a:fedoraproject:fedora:cxf-build-utils |
| fedoraproject | fedora | cxf-xjc-utils | p-cpe:/a:fedoraproject:fedora:cxf-xjc-utils |
| fedoraproject | fedora | jboss-connector-1.6-api | p-cpe:/a:fedoraproject:fedora:jboss-connector-1.6-api |
| fedoraproject | fedora | opensaml-java-xmltooling | p-cpe:/a:fedoraproject:fedora:opensaml-java-xmltooling |
| fedoraproject | fedora | 22 | cpe:/o:fedoraproject:fedora:22 |
Related
openvas
openvas
Fedora Update for cxf-xjc-utils FEDORA-2015-4726
2015-07-07 00:00:00
Fedora Update for jboss-connector-1.6-api FEDORA-2015-4726
2015-07-07 00:00:00
Fedora Update for cxf-build-utils FEDORA-2015-4726
2015-07-07 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: jboss-connector-1.6-api-1.0.1-1.fc22
2015-04-21 18:56:45
[SECURITY] Fedora 22 Update: cxf-xjc-utils-2.6.2-1.fc22
2015-04-21 18:56:45
[SECURITY] Fedora 22 Update: cxf-2.7.11-1.fc22
2015-04-21 18:56:45
veracode
veracode
Authentication Bypass In The SecurityTokenService
2019-01-15 08:54:53
XML External Entity (XXE)
2019-05-02 05:00:05
prion
prion
Code injection
2014-07-07 14:55:00
nvd
nvd
CVE-2014-0034
2014-07-07 14:55:03
cve
cve
CVE-2014-0034
2014-07-07 14:55:03
osv
osv
Improper Input Validation in Apache CXF
2022-05-13 01:09:20
github
github
Improper Input Validation in Apache CXF
2022-05-13 01:09:20
cvelist
cvelist
CVE-2014-0034
2014-07-07 14:00:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2014:0799)
2014-06-28 00:00:00
RHEL 5 : JBoss EAP (RHSA-2014:0798)
2014-06-28 00:00:00
redhat
redhat
(RHSA-2014:0799) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 update
2014-06-26 00:00:00
(RHSA-2014:0798) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 update
2014-06-26 00:00:00
(RHSA-2014:1351) Important: Red Hat JBoss Fuse/A-MQ 6.1.0 security update
2014-10-01 18:06:06
f5
f5
K15580 : Apache CXF and JBoss vulnerabilities
2014-09-11 00:00:00
SOL15580 - Apache CXF and JBoss vulnerabilities
2014-09-11 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
56.9%
Related for FEDORA_2015-4726.NASL