Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2020 Greenbone AGOPENVAS:1361412562311220201376
HistoryApr 16, 2020 - 12:00 a.m.

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1376)

2020-04-1600:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
15

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

The remote host is missing an update for the Huawei EulerOS

# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2020.1376");
  script_cve_id("CVE-2016-8625", "CVE-2019-15601");
  script_tag(name:"creation_date", value:"2020-04-16 05:45:51 +0000 (Thu, 16 Apr 2020)");
  script_version("2024-02-05T14:36:56+0000");
  script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-10-10 15:44:24 +0000 (Wed, 10 Oct 2018)");

  script_name("Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1376)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP3");

  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2020-1376");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2020-1376");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2020-1376 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"CURL before 7.68.0 lacks proper input validation, which allows users to create a `FILE:` URL that can make the client access a remote file using SMB (Windows-only issue).(CVE-2019-15601)

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625)");

  script_tag(name:"affected", value:"'curl' package(s) on Huawei EulerOS V2.0SP3.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROS-2.0SP3") {

  if(!isnull(res = isrpmvuln(pkg:"curl", rpm:"curl~7.29.0~35.h29", rls:"EULEROS-2.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libcurl", rpm:"libcurl~7.29.0~35.h29", rls:"EULEROS-2.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libcurl-devel", rpm:"libcurl-devel~7.29.0~35.h29", rls:"EULEROS-2.0SP3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

ibm 6
nvd 2
cvelist 2
openvas 12
hackerone 1
cve 2
symantec 1
nessus 20
redhatcve 2
veracode 2
osv 1
alpinelinux 1
ubuntucve 1
debiancve 1
prion 1
f5 1
cloudfoundry 1
archlinux 6
freebsd 2
altlinux 1
oraclelinux 1
slackware 1
rosalinux 1
gentoo 1
redhat 2
apple 2
oracle 2
ibm
ibm
Security Bulletin: cURL vulnerability CVE-2019-15601 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier
2020-12-08 18:37:57
Security Bulletin: cURL vulnerability CVE-2019-15601 impacts IBM Aspera High-Speed Transfer Server 3.9.6.2 and earlier and Aspera High-Speed Transfer Endpoint 3.9.6.2 and earlier
2020-12-10 23:59:30
Security Bulletin: IBM MQ is affected by a vulnerability within cURL libcurl (CVE-2019-15601)
2020-04-15 10:24:14
nvd
nvd
CVE-2019-15601
2020-01-06 17:15:12
CVE-2016-8625
2018-08-01 06:29:00
cvelist
cvelist
CVE-2019-15601
2020-01-06 16:32:53
CVE-2016-8625
2018-08-01 06:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1345)
2020-04-01 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1144)
2020-02-25 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1762)
2020-07-03 00:00:00
hackerone
hackerone
curl: curl still vulnerable to SMB access smuggling via FILE URL on Windows
2020-03-08 01:06:41
cve
cve
CVE-2019-15601
2020-01-06 17:15:12
CVE-2016-8625
2018-08-01 06:29:00
symantec
symantec
cURL CVE-2019-15601 Remote Security Bypass Vulnerability
2020-01-08 00:00:00
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.6.0 : curl (EulerOS-SA-2020-1345)
2020-04-02 00:00:00
EulerOS 2.0 SP8 : curl (EulerOS-SA-2020-1144)
2020-02-25 00:00:00
EulerOS Virtualization 3.0.6.0 : curl-openssl (EulerOS-SA-2020-1758)
2020-07-01 00:00:00
redhatcve
redhatcve
CVE-2019-15601
2020-04-14 19:26:09
CVE-2016-8625
2016-11-02 08:48:01
veracode
veracode
Unauthorized Remote File Access
2020-01-08 04:47:16
Unauthorized Requests
2018-08-02 09:04:08
osv
osv
CVE-2016-8625
2018-08-01 06:29:00
alpinelinux
alpinelinux
CVE-2016-8625
2018-08-01 06:29:00
ubuntucve
ubuntucve
CVE-2016-8625
2018-08-01 00:00:00
debiancve
debiancve
CVE-2016-8625
2018-08-01 06:29:00
prion
prion
Code injection
2018-08-01 06:29:00
f5
f5
cURL and libcurl vulnerability CVE-2016-8625
2017-04-14 19:37:00
cloudfoundry
cloudfoundry
PXC Release update for April 2020 MySQL security patches | Cloud Foundry
2020-08-10 00:00:00
archlinux
archlinux
[ASA-201611-9] libcurl-gnutls: multiple issues
2016-11-03 00:00:00
[ASA-201611-5] lib32-libcurl-compat: multiple issues
2016-11-02 00:00:00
[ASA-201611-10] lib32-libcurl-gnutls: multiple issues
2016-11-03 00:00:00
freebsd
freebsd
cURL -- multiple vulnerabilities
2016-11-02 00:00:00
MySQL Server -- Multiple vulerabilities
2020-04-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.51.0-alt1
2016-11-02 00:00:00
oraclelinux
oraclelinux
curl security update
2019-05-21 00:00:00
slackware
slackware
[slackware-security] curl
2016-11-04 03:34:42
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
redhat
redhat
(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
2018-08-16 16:05:21
(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update
2018-11-13 08:00:33
apple
apple
About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
2016-12-13 00:00:00
About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support
2020-07-27 08:14:17
oracle
oracle
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON
Related for OPENVAS:1361412562311220201376
ibm6nvd2cvelist2openvas12hackerone1cve2symantec1nessus20redhatcve2veracode2osv1alpinelinux1ubuntucve1debiancve1prion1f51cloudfoundry1archlinux6freebsd2altlinux1oraclelinux1slackware1rosalinux1gentoo1redhat2apple2oracle2