Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2021-3956.NASLHistoryOct 26, 2021 - 12:00 a.m.
RHEL 7 : xstream (RHSA-2021:3956)
2021-10-2600:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.969 High
EPSS
Percentile
99.7%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3956 advisory.
-
xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139, CVE-2021-39153)
-
xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)
-
xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145, CVE-2021-39151)
-
xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146, CVE-2021-39154)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149)
-
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)
-
xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2021:3956. The text
# itself is copyright (C) Red Hat, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(154419);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/28");
script_cve_id(
"CVE-2021-39139",
"CVE-2021-39140",
"CVE-2021-39141",
"CVE-2021-39144",
"CVE-2021-39145",
"CVE-2021-39146",
"CVE-2021-39147",
"CVE-2021-39148",
"CVE-2021-39149",
"CVE-2021-39150",
"CVE-2021-39151",
"CVE-2021-39152",
"CVE-2021-39153",
"CVE-2021-39154"
);
script_xref(name:"RHSA", value:"2021:3956");
script_xref(name:"CEA-ID", value:"CEA-2022-0035");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/03/31");
script_name(english:"RHEL 7 : xstream (RHSA-2021:3956)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for xstream.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2021:3956 advisory.
- xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl
(CVE-2021-39139, CVE-2021-39153)
- xstream: Infinite loop DoS via unsafe deserialization of
sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)
- xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
(CVE-2021-39141)
- xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144)
- xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration
(CVE-2021-39145, CVE-2021-39151)
- xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue
(CVE-2021-39146, CVE-2021-39154)
- xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration
(CVE-2021-39147)
- xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator
(CVE-2021-39148)
- xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149)
- xstream: Server-side request forgery (SSRF) via unsafe deserialization of
com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)
- xstream: Server-side request forgery (SSRF) via unsafe deserialization of
jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3956.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5d842e87");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2021:3956");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997763");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997765");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997769");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997772");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997775");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997777");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997779");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997781");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997786");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997791");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997793");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997795");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997801");
script_set_attribute(attribute:"solution", value:
"Update the RHEL xstream package based on the guidance in RHSA-2021:3956.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39139");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'VMware NSX Manager XStream unauthenticated RCE');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_cwe_id(434, 502, 918);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/22");
script_set_attribute(attribute:"patch_publication_date", value:"2021/10/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xstream-javadoc");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',
'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',
'content/dist/rhel/client/7/7.9/x86_64/debug',
'content/dist/rhel/client/7/7.9/x86_64/optional/debug',
'content/dist/rhel/client/7/7.9/x86_64/optional/os',
'content/dist/rhel/client/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/client/7/7.9/x86_64/os',
'content/dist/rhel/client/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/client/7/7Client/x86_64/debug',
'content/dist/rhel/client/7/7Client/x86_64/optional/debug',
'content/dist/rhel/client/7/7Client/x86_64/optional/os',
'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',
'content/dist/rhel/client/7/7Client/x86_64/os',
'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/debug',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/os',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',
'content/dist/rhel/power/7/7.9/ppc64/debug',
'content/dist/rhel/power/7/7.9/ppc64/optional/debug',
'content/dist/rhel/power/7/7.9/ppc64/optional/os',
'content/dist/rhel/power/7/7.9/ppc64/optional/source/SRPMS',
'content/dist/rhel/power/7/7.9/ppc64/os',
'content/dist/rhel/power/7/7.9/ppc64/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/debug',
'content/dist/rhel/power/7/7Server/ppc64/optional/debug',
'content/dist/rhel/power/7/7Server/ppc64/optional/os',
'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/os',
'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/debug',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/debug',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/os',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/optional/debug',
'content/dist/rhel/server/7/7.9/x86_64/optional/os',
'content/dist/rhel/server/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/os',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/debug',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/os',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/debug',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/optional/debug',
'content/dist/rhel/server/7/7Server/x86_64/optional/os',
'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/os',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/debug',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/debug',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/os',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/optional/debug',
'content/dist/rhel/system-z/7/7.9/s390x/optional/os',
'content/dist/rhel/system-z/7/7.9/s390x/optional/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/os',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/debug',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/os',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/debug',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',
'content/dist/rhel/system-z/7/7Server/s390x/optional/os',
'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/os',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',
'content/dist/rhel/workstation/7/7.9/x86_64/debug',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/debug',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/os',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/workstation/7/7.9/x86_64/os',
'content/dist/rhel/workstation/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',
'content/fastrack/rhel/client/7/x86_64/debug',
'content/fastrack/rhel/client/7/x86_64/optional/debug',
'content/fastrack/rhel/client/7/x86_64/optional/os',
'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/client/7/x86_64/os',
'content/fastrack/rhel/client/7/x86_64/source/SRPMS',
'content/fastrack/rhel/computenode/7/x86_64/debug',
'content/fastrack/rhel/computenode/7/x86_64/optional/debug',
'content/fastrack/rhel/computenode/7/x86_64/optional/os',
'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/computenode/7/x86_64/os',
'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',
'content/fastrack/rhel/power/7/ppc64/debug',
'content/fastrack/rhel/power/7/ppc64/optional/debug',
'content/fastrack/rhel/power/7/ppc64/optional/os',
'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',
'content/fastrack/rhel/power/7/ppc64/os',
'content/fastrack/rhel/power/7/ppc64/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/debug',
'content/fastrack/rhel/server/7/x86_64/highavailability/debug',
'content/fastrack/rhel/server/7/x86_64/highavailability/os',
'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/optional/debug',
'content/fastrack/rhel/server/7/x86_64/optional/os',
'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/os',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/source/SRPMS',
'content/fastrack/rhel/system-z/7/s390x/debug',
'content/fastrack/rhel/system-z/7/s390x/optional/debug',
'content/fastrack/rhel/system-z/7/s390x/optional/os',
'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',
'content/fastrack/rhel/system-z/7/s390x/os',
'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',
'content/fastrack/rhel/workstation/7/x86_64/debug',
'content/fastrack/rhel/workstation/7/x86_64/optional/debug',
'content/fastrack/rhel/workstation/7/x86_64/optional/os',
'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/workstation/7/x86_64/os',
'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'xstream-1.3.1-16.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'xstream-javadoc-1.3.1-16.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xstream / xstream-javadoc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | xstream | p-cpe:/a:redhat:enterprise_linux:xstream |
| redhat | enterprise_linux | xstream-javadoc | p-cpe:/a:redhat:enterprise_linux:xstream-javadoc |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39149
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39150
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39151
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39152
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39154
www.nessus.org/u?5d842e87
access.redhat.com/errata/RHSA-2021:3956
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1997763
bugzilla.redhat.com/show_bug.cgi?id=1997765
bugzilla.redhat.com/show_bug.cgi?id=1997769
bugzilla.redhat.com/show_bug.cgi?id=1997772
bugzilla.redhat.com/show_bug.cgi?id=1997775
bugzilla.redhat.com/show_bug.cgi?id=1997777
bugzilla.redhat.com/show_bug.cgi?id=1997779
bugzilla.redhat.com/show_bug.cgi?id=1997781
bugzilla.redhat.com/show_bug.cgi?id=1997784
bugzilla.redhat.com/show_bug.cgi?id=1997786
bugzilla.redhat.com/show_bug.cgi?id=1997791
bugzilla.redhat.com/show_bug.cgi?id=1997793
bugzilla.redhat.com/show_bug.cgi?id=1997795
bugzilla.redhat.com/show_bug.cgi?id=1997801
Related
debian
debian
[SECURITY] [DLA 2769-1] libxstream-java security update
2021-09-29 23:28:17
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:29:25
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:29:25
nessus
nessus
openSUSE 15 Security Update : xstream (openSUSE-SU-2021:3476-1)
2021-10-21 00:00:00
Amazon Linux 2 : xstream (ALAS-2021-1729)
2021-12-10 00:00:00
suse
suse
Security update for xstream (important)
2021-10-31 00:00:00
Security update for xstream (important)
2021-10-20 00:00:00
redhat
redhat
(RHSA-2021:3956) Important: xstream security update
2021-10-25 06:30:03
(RHSA-2022:0296) Critical: Red Hat Process Automation Manager 7.12.0 security update
2022-01-26 15:49:06
(RHSA-2022:0297) Moderate: Red Hat Decision Manager 7.12.0 security update
2022-01-26 16:28:59
mageia
mageia
Updated xstream/xmlpull/mxparser packages fix security vulnerability
2021-10-13 22:39:52
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0474)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3476-1)
2021-10-21 00:00:00
Ubuntu: Security Advisory (USN-5946-1)
2023-03-13 00:00:00
amazon
amazon
Important: xstream
2021-12-08 16:28:00
ubuntu
ubuntu
XStream vulnerabilities
2023-03-13 00:00:00
ibm
ibm
osv
osv
libxstream-java vulnerabilities
2023-03-13 10:57:59
libxstream-java - security update
2021-09-29 00:00:00
libxstream-java - security update
2021-11-10 00:00:00
oraclelinux
oraclelinux
xstream security update
2021-10-25 00:00:00
githubexploit
githubexploit
fedora
fedora
[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33
2021-10-12 23:47:14
[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34
2021-10-12 23:45:05
[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35
2021-10-29 23:18:39
atlassian
atlassian
XStream upgrade to 1.4.18
2021-09-10 04:35:37
XStream upgrade to 1.4.18
2021-09-10 04:35:37
cnvd
cnvd
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67826)
2021-08-23 00:00:00
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67822)
2021-08-23 00:00:00
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67825)
2021-08-23 00:00:00
ubuntucve
ubuntucve
cve
cve
nvd
nvd
debiancve
debiancve
redhatcve
redhatcve
cvelist
cvelist
CVE-2021-39147 XStream is vulnerable to an Arbitrary Code Execution attack
2021-08-23 18:05:33
CVE-2021-39146 XStream is vulnerable to an Arbitrary Code Execution attack
2021-08-23 18:05:28
CVE-2021-39148 XStream is vulnerable to an Arbitrary Code Execution attack
2021-08-23 18:05:38
veracode
veracode
Remote Code Execution (RCE)
2021-08-24 08:17:04
Remote Code Execution (RCE)
2021-08-24 06:27:20
Remote Code Execution (RCE)
2021-08-24 06:59:20
prion
prion
Code injection
2021-08-23 18:15:00
Design/Logic Flaw
2021-08-23 18:15:00
Code injection
2021-08-23 18:15:00
nuclei
nuclei
XStream 1.4.18 - Arbitrary Code Execution
2023-03-12 03:38:05
XStream 1.4.18 - Remote Code Execution
2023-03-12 03:38:05
XStream <1.4.18 - Server-Side Request Forgery
2023-03-12 03:38:05
github
github
XStream is vulnerable to an Arbitrary Code Execution attack
2021-08-25 14:46:49
XStream is vulnerable to an Arbitrary Code Execution attack
2021-08-25 14:47:28
XStream is vulnerable to an Arbitrary Code Execution attack
2021-08-25 14:48:47
cisa_kev
cisa_kev
XStream Remote Code Execution Vulnerability
2023-03-10 00:00:00
zdt
zdt
VMware NSX Manager XStream Unauthenticated Remote Code Execution Exploit
2022-11-16 00:00:00
rapid7blog
rapid7blog
hivepro
hivepro
VMware Cloud Foundation has a significant RCE flaw
2022-10-28 07:27:55
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.969 High
EPSS
Percentile
99.7%
Related for REDHAT-RHSA-2021-3956.NASL