Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-1388-1.NASLHistoryJun 03, 2019 - 12:00 a.m.
SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1388-1)
2019-06-0300:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.684 Medium
EPSS
Percentile
98.0%
This update for MozillaFirefox fixes the following issues :
Security issues fixed :
CVE-2019-11691: Use-after-free in XMLHttpRequest
CVE-2019-11692: Use-after-free removing listeners in the event listener manager
CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
CVE-2019-7317: Use-after-free in png_image_free of libpng library
CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
CVE-2019-9816: Type confusion with object groups and UnboxedObjects
CVE-2019-9817: Stealing of cross-domain images using canvas
CVE-2019-9818: Use-after-free in crash generation server
CVE-2019-9819: Compartment mismatch with fetch API
CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
Non-security issues fixed: Font and date adjustments to accommodate the new Reiwa era in Japan
Update to Firefox ESR 60.7 (bsc#1135824)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1388-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(125672);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/17");
script_cve_id(
"CVE-2019-11691",
"CVE-2019-11692",
"CVE-2019-11693",
"CVE-2019-11694",
"CVE-2019-11698",
"CVE-2019-7317",
"CVE-2019-9800",
"CVE-2019-9815",
"CVE-2019-9816",
"CVE-2019-9817",
"CVE-2019-9818",
"CVE-2019-9819",
"CVE-2019-9820"
);
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:1388-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for MozillaFirefox fixes the following issues :
Security issues fixed :
CVE-2019-11691: Use-after-free in XMLHttpRequest
CVE-2019-11692: Use-after-free removing listeners in the event
listener manager
CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
CVE-2019-11698: Theft of user history data through drag and drop of
hyperlinks to and from bookmarks
CVE-2019-7317: Use-after-free in png_image_free of libpng library
CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR
60.7
CVE-2019-9815: Disable hyperthreading on content JavaScript threads on
macOS
CVE-2019-9816: Type confusion with object groups and UnboxedObjects
CVE-2019-9817: Stealing of cross-domain images using canvas
CVE-2019-9818: Use-after-free in crash generation server
CVE-2019-9819: Compartment mismatch with fetch API
CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
Non-security issues fixed: Font and date adjustments to accommodate
the new Reiwa era in Japan
Update to Firefox ESR 60.7 (bsc#1135824)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135824");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11691/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11692/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11693/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11694/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11698/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-7317/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9800/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9815/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9816/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9817/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9818/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9819/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9820/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20191388-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9c97066");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE OpenStack Cloud 7:zypper in -t patch
SUSE-OpenStack-Cloud-7-2019-1388=1
SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
patch SUSE-SLE-SDK-12-SP4-2019-1388=1
SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2019-1388=1
SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
SUSE-SLE-SAP-12-SP2-2019-1388=1
SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
SUSE-SLE-SAP-12-SP1-2019-1388=1
SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
SUSE-SLE-SERVER-12-SP4-2019-1388=1
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2019-1388=1
SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2019-1388=1
SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-BCL-2019-1388=1
SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2019-1388=1
SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2019-1388=1
SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP4-2019-1388=1
SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2019-1388=1
SUSE Enterprise Storage 4:zypper in -t patch
SUSE-Storage-4-2019-1388=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9820");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2/3/4", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3/4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-debuginfo-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-debugsource-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-devel-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-translations-common-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-debuginfo-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-debugsource-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-translations-common-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debuginfo-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debugsource-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-devel-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-translations-common-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"MozillaFirefox-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"MozillaFirefox-debuginfo-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"MozillaFirefox-debugsource-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"MozillaFirefox-translations-common-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"MozillaFirefox-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"MozillaFirefox-debuginfo-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"MozillaFirefox-debugsource-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"MozillaFirefox-devel-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"MozillaFirefox-translations-common-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-debugsource-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-translations-common-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"MozillaFirefox-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"MozillaFirefox-debugsource-60.7.0-109.72.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"MozillaFirefox-translations-common-60.7.0-109.72.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
| novell | suse_linux | mozillafirefox-devel | p-cpe:/a:novell:suse_linux:mozillafirefox-devel |
| novell | suse_linux | mozillafirefox-debugsource | p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource |
| novell | suse_linux | mozillafirefox-translations-common | p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common |
| novell | suse_linux | mozillafirefox-debuginfo | p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo |
| novell | suse_linux | mozillafirefox | p-cpe:/a:novell:suse_linux:mozillafirefox |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820
www.nessus.org/u?d9c97066
bugzilla.suse.com/show_bug.cgi?id=1135824
www.suse.com/security/cve/CVE-2019-11691/
www.suse.com/security/cve/CVE-2019-11692/
www.suse.com/security/cve/CVE-2019-11693/
www.suse.com/security/cve/CVE-2019-11694/
www.suse.com/security/cve/CVE-2019-11698/
www.suse.com/security/cve/CVE-2019-7317/
www.suse.com/security/cve/CVE-2019-9800/
www.suse.com/security/cve/CVE-2019-9815/
www.suse.com/security/cve/CVE-2019-9816/
www.suse.com/security/cve/CVE-2019-9817/
www.suse.com/security/cve/CVE-2019-9818/
www.suse.com/security/cve/CVE-2019-9819/
www.suse.com/security/cve/CVE-2019-9820/
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1405-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1388-1)
2021-04-19 00:00:00
Mozilla Firefox ESR Security Advisories (MFSA2019-09, MFSA2019-14) - Windows
2019-05-22 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1405-1)
2019-06-04 00:00:00
openSUSE Security Update : MozillaFirefox (openSUSE-2019-1534)
2019-06-11 00:00:00
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1484)
2019-06-03 00:00:00
kaspersky
kaspersky
KLA11488 Multiple vulnerabilities in Mozilla Thunderbird
2019-05-21 00:00:00
KLA11487 Multiple vulnerabilities in Mozilla Firefox ESR
2019-05-21 00:00:00
KLA11486 Multiple vulnerabilities in Mozilla Firefox
2019-05-21 00:00:00
ibm
ibm
slackware
slackware
[slackware-security] mozilla-firefox
2019-05-21 23:35:28
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 60.7.0-alt1
2019-05-20 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 60.7.0-alt1
2019-05-21 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 60.7 — Mozilla
2019-05-21 00:00:00
Security vulnerabilities fixed in Thunderbird 60.7 — Mozilla
2019-05-21 00:00:00
Security vulnerabilities fixed in Firefox 67 — Mozilla
2019-05-21 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2019-06-10 00:00:00
Security update for MozillaThunderbird (important)
2019-06-02 00:00:00
Security update for MozillaThunderbird (important)
2019-06-28 00:00:00
debian
debian
[SECURITY] [DLA 1800-1] firefox-esr security update
2019-05-23 09:40:35
[SECURITY] [DLA 1806-1] thunderbird security update
2019-05-27 08:46:54
[SECURITY] [DSA 4448-1] firefox-esr security update
2019-05-22 21:24:31
centos
centos
firefox security update
2019-05-29 19:47:30
thunderbird security update
2019-06-10 22:49:17
firefox security update
2019-05-29 19:48:35
oraclelinux
oraclelinux
thunderbird security update
2019-06-03 00:00:00
thunderbird security update
2019-07-30 00:00:00
firefox security update
2019-05-24 00:00:00
redhat
redhat
(RHSA-2019:1308) Important: thunderbird security update
2019-06-03 20:24:05
(RHSA-2019:1269) Critical: firefox security update
2019-05-23 15:30:06
(RHSA-2019:1309) Important: thunderbird security update
2019-06-03 20:24:17
osv
osv
firefox-esr - security update
2019-05-22 00:00:00
firefox-esr - security update
2019-05-23 00:00:00
thunderbird - security update
2019-05-27 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2019-06-10 22:17:03
Updated thunderbird packages fix security vulnerabilities
2019-06-10 22:17:03
amazon
amazon
Critical: thunderbird
2019-06-11 23:24:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2019-05-21 00:00:00
archlinux
archlinux
[ASA-201905-8] thunderbird: multiple issues
2019-05-23 00:00:00
[ASA-201905-9] firefox: multiple issues
2019-05-23 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2019-05-28 00:00:00
Firefox regression
2019-06-06 00:00:00
Firefox regression
2019-06-14 00:00:00
cve
cve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2019-07-23 14:15:00
Design/Logic Flaw
2019-07-23 14:15:00
Type confusion
2019-07-23 14:15:00
debiancve
debiancve
redhatcve
redhatcve
ubuntucve
ubuntucve
nvd
nvd
alpinelinux
alpinelinux
zdt
zdt
veracode
veracode
Information Disclosure
2019-05-27 00:39:14
Denial Of Service (DoS)
2019-05-27 00:39:14
Information Disclosure
2019-05-27 00:39:21
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.684 Medium
EPSS
Percentile
98.0%
Related for SUSE_SU-2019-1388-1.NASL