Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2014 Greenbone AGOPENVAS:1361412562310868456
HistoryNov 07, 2014 - 12:00 a.m.

Fedora Update for Pound FEDORA-2014-13764

2014-11-0700:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
12

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

Check the version of Pound

# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.868456");
  script_version("2023-11-02T05:05:26+0000");
  script_tag(name:"last_modification", value:"2023-11-02 05:05:26 +0000 (Thu, 02 Nov 2023)");
  script_tag(name:"creation_date", value:"2014-11-07 06:17:20 +0100 (Fri, 07 Nov 2014)");
  script_cve_id("CVE-2011-3389", "CVE-2012-4929", "CVE-2005-2090", "CVE-2014-3566");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-06-16 12:15:00 +0000 (Wed, 16 Jun 2021)");
  script_name("Fedora Update for Pound FEDORA-2014-13764");
  script_tag(name:"summary", value:"Check the version of Pound");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"affected", value:"Pound on Fedora 19");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"FEDORA", value:"2014-13764");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142795.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC19");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC19")
{

  if ((res = isrpmvuln(pkg:"Pound", rpm:"Pound~2.6~8.fc19", rls:"FC19")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

nessus 34
fedora 22
openvas 58
debian 4
osv 6
rapid7blog 1
cve 3
cert 3
f5 4
veracode 6
github 1
threatpost 1
jvn 1
tomcat 2
cvelist 4
nvd 4
ubuntu 2
debiancve 2
ibm 21
ubuntucve 2
prion 2
checkpoint_security 1
mskb 1
checkpoint_advisories 2
securityvulns 3
freebsd 1
ics 1
seebug 3
hackerone 1
citrix 1
redhat 1
amazon 1
nessus
nessus
Fedora 20 : Pound-2.6-8.fc20 (2014-13777)
2014-11-12 00:00:00
Fedora 19 : Pound-2.6-8.fc19 (2014-13764)
2014-11-07 00:00:00
Debian DLA-400-1 : pound security update (BEAST) (POODLE)
2016-01-25 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
[SECURITY] Fedora 15 Update: nss-util-3.13.1-3.fc15
2012-01-22 05:26:28
openvas
openvas
Fedora Update for Pound FEDORA-2014-13777
2014-11-12 00:00:00
Debian: Security Advisory (DLA-400-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3253-1 (pound - security update)
2015-05-07 00:00:00
debian
debian
[SECURITY] [DLA 400-1] pound security update
2016-01-24 04:50:54
[SECURITY] [DSA 3253-1] pound security update
2015-05-07 19:39:51
[SECURITY] [DSA 2627-1] nginx security update
2013-02-17 11:14:31
osv
osv
pound - security update
2016-01-24 00:00:00
pound - security update
2015-05-07 00:00:00
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
rapid7blog
rapid7blog
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
2021-09-01 13:11:33
cve
cve
CVE-2005-2090
2005-07-05 04:00:00
CVE-2012-4929
2012-09-15 18:55:03
CVE-2011-3389
2011-09-06 19:55:03
cert
cert
Single crafted HTTP request may result in multiple responses
2005-02-04 00:00:00
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
f5
f5
SOL16828 - Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
K16828 : Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
SOL14054 - CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929
2012-12-05 00:00:00
veracode
veracode
HTTP Request Smuggling
2018-11-13 06:55:19
Information Leakage
2019-01-15 08:58:53
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
github
github
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
threatpost
threatpost
Apple Patches Mass of Security Bugs in OS X and Safari
2013-06-05 09:51:54
jvn
jvn
JVN#65273415: Android OS issue where it is affected by the CRIME attack
2016-07-22 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.23, 5.0.SVN
2007-03-09 00:00:00
Fixed in Apache Tomcat 6.0.11
2005-06-30 00:00:00
cvelist
cvelist
CVE-2005-2090
2005-06-30 04:00:00
CVE-2012-4929
2012-09-15 18:00:00
CVE-2011-3389
2011-09-06 19:00:00
nvd
nvd
CVE-2005-2090
2005-07-05 04:00:00
CVE-2012-4929
2012-09-15 18:55:03
CVE-2011-3389
2011-09-06 19:55:03
ubuntu
ubuntu
Qt vulnerability
2012-11-08 00:00:00
OpenSSL vulnerability
2013-07-04 00:00:00
debiancve
debiancve
CVE-2012-4929
2012-09-15 18:55:03
CVE-2011-3389
2011-09-06 19:55:03
ibm
ibm
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929)
2020-03-03 19:02:20
Security Bulletin: IBM System x and Flex Systems Browser Exploit Against SSL/TLS (BEAST) Mitigations (CVE-2011-3389)
2022-05-16 16:03:13
Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)
2018-06-18 00:09:28
ubuntucve
ubuntucve
CVE-2012-4929
2012-09-15 00:00:00
CVE-2011-3389
2011-11-16 00:00:00
prion
prion
Design/Logic Flaw
2012-09-15 18:55:00
Session fixation
2011-09-06 19:55:00
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
mskb
mskb
MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012
2012-01-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Web Servers SSL Flooding Denial of Service (CVE-2011-3389)
2011-11-06 00:00:00
Preemptive Protection against SSL and TLS Protocols Information Disclosure (MS12-006; CVE-2011-3389)
2012-01-10 00:00:00
securityvulns
securityvulns
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2014-05-05 00:00:00
ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2012-10-29 00:00:00
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
2014-02-28 00:00:00
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
Apache Tomcat 安全限制绕过漏洞
2014-02-26 00:00:00
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
redhat
redhat
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
amazon
amazon
Important: openssl
2014-10-14 22:32:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON
Related for OPENVAS:1361412562310868456
nessus34fedora22openvas58debian4osv6rapid7blog1cve3cert3f54veracode6github1threatpost1jvn1tomcat2cvelist4nvd4ubuntu2debiancve2ibm21ubuntucve2prion2checkpoint_security1mskb1checkpoint_advisories2securityvulns3freebsd1ics1seebug3hackerone1citrix1redhat1amazon1