Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-1526.NASLHistoryJun 10, 2019 - 12:00 a.m.
openSUSE Security Update : axis (openSUSE-2019-1526)
2019-06-1000:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
46.5%
This update for axis fixes the following issues :
Security issue fixed :
- CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598).
This update was imported from the SUSE:SLE-12:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1526.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(125793);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/16");
script_cve_id("CVE-2012-5784", "CVE-2014-3596");
script_name(english:"openSUSE Security Update : axis (openSUSE-2019-1526)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for axis fixes the following issues :
Security issue fixed :
- CVE-2012-5784, CVE-2014-3596: Fixed missing connection
hostname check against X.509 certificate name
(bsc#1134598).
This update was imported from the SUSE:SLE-12:Update update project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134598");
script_set_attribute(attribute:"solution", value:
"Update the affected axis packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3596");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/04");
script_set_attribute(attribute:"patch_publication_date", value:"2019/06/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:axis");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:axis-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:axis-manual");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if ( rpm_check(release:"SUSE42.3", reference:"axis-1.4-300.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"axis-javadoc-1.4-300.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"axis-manual-1.4-300.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "axis / axis-javadoc / axis-manual");
}
Related
cvelist
cvelist
CVE-2014-3596
2014-08-27 00:00:00
CVE-2012-5784
2012-11-04 22:00:00
suse
suse
Security update for axis (moderate)
2019-06-03 00:00:00
Security update for axis (moderate)
2019-06-07 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1373-2)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-169-1)
2023-03-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1373-1)
2021-06-09 00:00:00
cve
cve
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
osv
osv
axis - security update
2015-03-10 00:00:00
Improper Validation of Certificates in apache axis
2018-10-16 20:50:58
Man-in-the-middle attack in Apache Axis
2020-10-07 17:51:02
ibm
ibm
Security Bulletin: Two vulnerabilities exist in IBM Case Foundation and FileNet Business Process Manager (CVE-2012-5784 and CVE-2014-3596)
2018-06-17 12:12:09
debian
debian
[SECURITY] [DLA 169-1] axis security update
2015-03-10 18:47:07
ubuntucve
ubuntucve
CVE-2014-3596
2014-08-27 00:00:00
CVE-2012-5784
2012-11-04 00:00:00
f5
f5
SOL16821 - Apache Axis vulnerability CVE-2014-3596
2015-06-29 00:00:00
K16821 : Apache Axis vulnerability CVE-2014-3596
2015-11-11 00:00:00
SOL14371 - Apache Axis vulnerability CVE-2012-5784
2013-05-06 00:00:00
nessus
nessus
openSUSE Security Update : axis (openSUSE-2019-1497)
2019-06-04 00:00:00
F5 Networks BIG-IP : Apache Axis vulnerability (SOL16821)
2016-09-02 00:00:00
Debian DLA-169-1 : axis security update
2015-03-26 00:00:00
github
github
Improper Validation of Certificates in apache axis
2018-10-16 20:50:58
Man-in-the-middle attack in Apache Axis
2020-10-07 17:51:02
veracode
veracode
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 09:01:11
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 09:00:12
debiancve
debiancve
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
prion
prion
Code injection
2014-08-27 00:55:00
Design/Logic Flaw
2012-11-04 22:55:00
nvd
nvd
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
oraclelinux
oraclelinux
axis security update
2014-09-15 00:00:00
axis security update
2013-03-25 00:00:00
axis security update
2013-02-19 00:00:00
redhat
redhat
(RHSA-2013:0683) Moderate: axis security update
2013-03-25 00:00:00
(RHSA-2013:0269) Moderate: axis security update
2013-02-19 00:00:00
(RHSA-2014:1193) Important: axis security update
2014-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: axis-1.4-19.fc17
2013-02-01 17:16:41
[SECURITY] Fedora 18 Update: axis-1.4-19.fc18
2013-02-01 16:58:10
mageia
mageia
Updated axis package fixes security vulnerability
2013-07-06 18:12:34
Updated axis packages fix CVE-2014-3596
2014-12-26 20:04:58
centos
centos
axis security update
2014-09-15 16:46:18
axis security update
2013-03-25 20:27:08
amazon
amazon
Important: axis
2014-09-17 21:47:00
Medium: axis
2013-03-02 16:50:00
gitlab
gitlab
Improper Input Validation
2020-10-07 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
46.5%
Related for OPENSUSE-2019-1526.NASL