CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
72.5%
This update for java-11-openjdk fixes the following issues :
Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511).
Security issues fixed :
CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).
CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).
CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).
CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511).
CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511).
CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511).
CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511).
CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511).
CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511).
CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511).
CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511).
CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511).
CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:1572-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(137601);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/13");
script_cve_id(
"CVE-2020-2754",
"CVE-2020-2755",
"CVE-2020-2756",
"CVE-2020-2757",
"CVE-2020-2767",
"CVE-2020-2773",
"CVE-2020-2778",
"CVE-2020-2781",
"CVE-2020-2800",
"CVE-2020-2803",
"CVE-2020-2805",
"CVE-2020-2816",
"CVE-2020-2830"
);
script_name(english:"SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:1572-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for java-11-openjdk fixes the following issues :
Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511).
Security issues fixed :
CVE-2020-2754: Fixed an incorrect handling of regular expressions that
could have resulted in denial of service (bsc#1169511).
CVE-2020-2755: Fixed an incorrect handling of regular expressions that
could have resulted in denial of service (bsc#1169511).
CVE-2020-2756: Fixed an incorrect handling of regular expressions that
could have resulted in denial of service (bsc#1169511).
CVE-2020-2757: Fixed an object deserialization issue that could have
resulted in denial of service via crafted serialized input
(bsc#1169511).
CVE-2020-2767: Fixed an incorrect handling of certificate messages
during TLS handshakes (bsc#1169511).
CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by
unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511).
CVE-2020-2778: Fixed the incorrect handling of SSLParameters in
setAlgorithmConstraints(), which could have been abused to override
the defined systems security policy and lead to the use of weak crypto
algorithms (bsc#1169511).
CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions
(bsc#1169511).
CVE-2020-2800: Fixed an HTTP header injection issue caused by
mishandling of CR/LF in header values (bsc#1169511).
CVE-2020-2803: Fixed a boundary check and type check issue that could
have led to a sandbox bypass (bsc#1169511).
CVE-2020-2805: Fixed a boundary check and type check issue that could
have led to a sandbox bypass (bsc#1169511).
CVE-2020-2816: Fixed an incorrect handling of application data packets
during TLS handshakes (bsc#1169511).
CVE-2020-2830: Fixed an incorrect handling of regular expressions that
could have resulted in denial of service (bsc#1169511).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1167462");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1169511");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2754/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2755/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2756/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2757/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2767/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2773/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2778/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2781/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2800/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2803/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2805/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2816/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-2830/");
# https://www.suse.com/support/update/announcement/2020/suse-su-20201572-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?289b8758");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 12-SP5 :
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1572=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-2805");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-11.0.7.0-3.9.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-debuginfo-11.0.7.0-3.9.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-debugsource-11.0.7.0-3.9.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-demo-11.0.7.0-3.9.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-devel-11.0.7.0-3.9.2")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"java-11-openjdk-headless-11.0.7.0-3.9.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830
www.nessus.org/u?289b8758
bugzilla.suse.com/show_bug.cgi?id=1167462
bugzilla.suse.com/show_bug.cgi?id=1169511
www.suse.com/security/cve/CVE-2020-2754/
www.suse.com/security/cve/CVE-2020-2755/
www.suse.com/security/cve/CVE-2020-2756/
www.suse.com/security/cve/CVE-2020-2757/
www.suse.com/security/cve/CVE-2020-2767/
www.suse.com/security/cve/CVE-2020-2773/
www.suse.com/security/cve/CVE-2020-2778/
www.suse.com/security/cve/CVE-2020-2781/
www.suse.com/security/cve/CVE-2020-2800/
www.suse.com/security/cve/CVE-2020-2803/
www.suse.com/security/cve/CVE-2020-2805/
www.suse.com/security/cve/CVE-2020-2816/
www.suse.com/security/cve/CVE-2020-2830/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
72.5%