Lucene search
Copyright (C) 2015 Greenbone AGOPENVAS:1361412562310131116HistoryNov 08, 2015 - 12:00 a.m.
Mageia: Security Advisory (MGASA-2015-0426)
2015-11-0800:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
16
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.131116");
script_cve_id("CVE-2015-5211");
script_tag(name:"creation_date", value:"2015-11-08 11:02:11 +0000 (Sun, 08 Nov 2015)");
script_version("2024-02-02T05:06:05+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-06-08 13:35:34 +0000 (Thu, 08 Jun 2017)");
script_name("Mageia: Security Advisory (MGASA-2015-0426)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA5");
script_xref(name:"Advisory-ID", value:"MGASA-2015-0426");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2015-0426.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=17070");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170543.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'json-path, json-smart, springframework' package(s) announced via the MGASA-2015-0426 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Under some situations, the Spring Framework is vulnerable to a Reflected
File Download (RFD) attack. The attack involves a malicious user crafting
a URL with a batch script extension that results in the response being
downloaded rather than rendered and also includes some input reflected in
the response (CVE-2015-5211).");
script_tag(name:"affected", value:"'json-path, json-smart, springframework' package(s) on Mageia 5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA5") {
if(!isnull(res = isrpmvuln(pkg:"json-path", rpm:"json-path~0.9.1~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"json-path-javadoc", rpm:"json-path-javadoc~0.9.1~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"json-smart", rpm:"json-smart~1.3~0.20140820.1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"json-smart-javadoc", rpm:"json-smart-javadoc~1.3~0.20140820.1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework", rpm:"springframework~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-aop", rpm:"springframework-aop~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-beans", rpm:"springframework-beans~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-context", rpm:"springframework-context~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-context-support", rpm:"springframework-context-support~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-expression", rpm:"springframework-expression~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-instrument", rpm:"springframework-instrument~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-instrument-tomcat", rpm:"springframework-instrument-tomcat~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-javadoc", rpm:"springframework-javadoc~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-jdbc", rpm:"springframework-jdbc~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-jms", rpm:"springframework-jms~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-orm", rpm:"springframework-orm~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-oxm", rpm:"springframework-oxm~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-struts", rpm:"springframework-struts~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-test", rpm:"springframework-test~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-test-mvc", rpm:"springframework-test-mvc~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-tx", rpm:"springframework-tx~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-web", rpm:"springframework-web~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-webmvc", rpm:"springframework-webmvc~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"springframework-webmvc-portlet", rpm:"springframework-webmvc-portlet~3.2.15~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Fedora 23 : springframework-3.2.15-1.fc23 (2015-065d9953e8)
2016-03-04 00:00:00
Fedora 22 : springframework-3.2.15-1.fc22 (2015-693035254a)
2016-03-04 00:00:00
Fedora 21 : springframework-3.2.15-1.fc21 (2015-9295d75400)
2016-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: springframework-3.2.15-1.fc21
2015-11-01 22:22:42
[SECURITY] Fedora 22 Update: springframework-3.2.15-1.fc22
2015-11-01 21:55:23
[SECURITY] Fedora 23 Update: springframework-3.2.15-1.fc23
2015-11-01 02:58:09
openvas
openvas
Fedora Update for springframework FEDORA-2015-693035254
2015-11-02 00:00:00
Fedora Update for springframework FEDORA-2015-9295
2015-11-02 00:00:00
Debian: Security Advisory (DLA-1853-1)
2019-07-14 00:00:00
osv
osv
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
CVE-2020-5421
2020-09-19 04:15:11
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
prion
prion
Input validation
2017-05-25 17:29:00
Design/Logic Flaw
2020-09-19 04:15:00
ubuntucve
ubuntucve
CVE-2015-5211
2017-05-25 00:00:00
CVE-2020-5421
2020-09-19 00:00:00
nvd
nvd
CVE-2015-5211
2017-05-25 17:29:00
CVE-2020-5421
2020-09-19 04:15:11
cvelist
cvelist
CVE-2015-5211
2017-05-25 17:00:00
CVE-2020-5421 RFD Protection Bypass via jsessionid
2020-09-17 00:00:00
github
github
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
cve
cve
CVE-2015-5211
2017-05-25 17:29:00
CVE-2020-5421
2020-09-19 04:15:11
debiancve
debiancve
CVE-2015-5211
2017-05-25 17:29:00
CVE-2020-5421
2020-09-19 04:15:11
mageia
mageia
Updated springframework packages fix security vulnerability
2015-11-04 21:03:05
ibm
ibm
githubexploit
githubexploit
Exploit for Vulnerability in Pivotal Software Spring Framework
2021-01-10 12:26:00
veracode
veracode
Reflected File Download (RFD) Attack
2020-09-18 08:14:19
redhatcve
redhatcve
CVE-2020-5421
2020-09-21 16:59:07
debian
debian
[SECURITY] [DLA 1853-1] libspring-java security update
2019-07-13 21:20:48
ubuntu
ubuntu
Spring Framework vulnerabilities
2021-03-17 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.4%
Related for OPENVAS:1361412562310131116