
Commit 75ecd7b

tenable_sc: fix handling of vulnerability documents without seeAlso (#16014)
Test sample is derived from the sample above it with the seeAlso field removed.
1 parent 2593e11 commit 75ecd7b

5 files changed, +216 −2 lines changed


packages/tenable_sc/changelog.yml

Lines changed: 5 additions & 0 deletions
@@ -1,4 +1,9 @@
11
# newer versions go on top
2+
- version: "1.32.1"
3+
changes:
4+
- description: Fix handling of vulnerablity documents that do not contain a seeAlso field.
5+
type: bugfix
6+
link: https://github.com/elastic/integrations/pull/16014
27
- version: "1.32.0"
38
changes:
49
- description: Prevent updating fleet health status to degraded.
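Review bot: typo in the new changelog description at hunk line 4: "vulnerablity" should read "vulnerability", i.e. `- description: Fix handling of vulnerability documents that do not contain a seeAlso field.` This text is published in the package changelog, so it is worth correcting before merge. The patch version bump to "1.32.1" with `type: bugfix` is consistent with a behaviour-only change, and the link points at the PR named in the commit title.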

packages/tenable_sc/data_stream/vulnerability/_dev/test/pipeline/test-vulnerability.log

Lines changed: 1 addition & 0 deletions
@@ -3,4 +3,5 @@
33
{"pluginID":"10114","severity":{"id":"0","name":"Info","description":"Informative"},"hasBeenMitigated":"0","acceptRisk":"0","recastRisk":"0","ip":"10.238.64.1","uuid":"","port":"0","protocol":"ICMP","pluginName":"ICMP Timestamp Request Remote Date Disclosure","firstSeen":"1551284872","lastSeen":"1632586125","exploitAvailable":"No","exploitEase":"","exploitFrameworks":"","synopsis":"It is possible to determine the exact time set on the remote host.","description":"The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.\n\nTimestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.","solution":"Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).","seeAlso":"","riskFactor":"None","stigSeverity":"","vprScore":"0.8","vprContext":"[{\"id\":\"age_of_vuln\",\"name\":\"Vulnerability Age\",\"type\":\"string\",\"value\":\"730 days +\"},{\"id\":\"cvssV3_impactScore\",\"name\":\"CVSS v3 Impact Score\",\"type\":\"number\",\"value\":0},{\"id\":\"exploit_code_maturity\",\"name\":\"Exploit Code Maturity\",\"type\":\"string\",\"value\":\"Unproven\"},{\"id\":\"product_coverage\",\"name\":\"Product Coverage\",\"type\":\"string\",\"value\":\"Very High\"},{\"id\":\"threat_intensity_last_28\",\"name\":\"Threat Intensity\",\"type\":\"string\",\"value\":\"Very Low\"},{\"id\":\"threat_recency\",\"name\":\"Threat Recency\",\"type\":\"string\",\"value\":\"No recorded events\"},{\"id\":\"threat_sources_last_28\",\"name\":\"Threat Sources\",\"type\":\"string\",\"value\":\"No recorded 
events\"}]","baseScore":"0.0","temporalScore":"","cvssVector":"AV:L/AC:L/Au:N/C:N/I:N/A:N","cvssV3BaseScore":"0.0","cvssV3TemporalScore":"","cvssV3Vector":"AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","cpe":"","vulnPubDate":"788961600","patchPubDate":"-1","pluginPubDate":"933508800","pluginModDate":"1570190400","checkType":"remote","version":"1.48","cve":"CVE-1999-0524","bid":"","xref":"CWE #200","pluginText":"<plugin_output>The remote clock is synchronized with the local clock.\n</plugin_output>","dnsName":"_gateway.lxd","macAddress":"00:16:3e:a1:12:f7","netbiosName":"","operatingSystem":"Linux Kernel 2.6","ips":"10.238.64.1","hostUniqueness":"repositoryID,ip,dnsName","uniqueness":"repositoryID,ip,dnsName","family":{"id":"30","name":"General","type":"active"},"repository":{"id":"1","name":"Live","description":"","sciID":"1","dataFormat":"IPv4"},"pluginInfo":"10114 (0/1) ICMP Timestamp Request Remote Date Disclosure"}
44
{"pluginID":"128375","severity":{"id":"3","name":"High","description":"High Severity"},"hasBeenMitigated":"0","acceptRisk":"0","recastRisk":"0","ip":"10.238.64.9","uuid":"","port":"0","protocol":"TCP","pluginName":"CentOS 7 : elfutils (CESA-2019:2197)","firstSeen":"1567267631","lastSeen":"1635610340","exploitAvailable":"No","exploitEase":"No known exploits are available","exploitFrameworks":"","synopsis":"The remote CentOS host is missing one or more security updates.","description":"An update for elfutils is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.\n\nThe following packages have been upgraded to a later upstream version:\nelfutils (0.176). 
(BZ#1676504)\n\nSecurity Fix(es) :\n\n* elfutils: Heap-based buffer over-read in libdw/ dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062)\n\n* elfutils: Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402)\n\n* elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/ dwarf_hasattr.c causes crash (CVE-2018-16403)\n\n* elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl (CVE-2018-18310)\n\n* elfutils: eu-size cannot handle recursive ar files (CVE-2018-18520)\n\n* elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c (CVE-2018-18521)\n\n* elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)\n\n* elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)\n\n* elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)\n\n* elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.","solution":"Update the affected elfutils packages.","seeAlso":"http://www.nessus.org/u?296c7414","riskFactor":"High","stigSeverity":"","vprScore":"5.9","vprContext":"[{\"id\":\"age_of_vuln\",\"name\":\"Vulnerability Age\",\"type\":\"string\",\"value\":\"730 days +\"},{\"id\":\"cvssV3_impactScore\",\"name\":\"CVSS v3 Impact Score\",\"type\":\"number\",\"value\":5.9000000000000004},{\"id\":\"exploit_code_maturity\",\"name\":\"Exploit Code Maturity\",\"type\":\"string\",\"value\":\"Unproven\"},{\"id\":\"product_coverage\",\"name\":\"Product 
Coverage\",\"type\":\"string\",\"value\":\"Low\"},{\"id\":\"threat_intensity_last_28\",\"name\":\"Threat Intensity\",\"type\":\"string\",\"value\":\"Very Low\"},{\"id\":\"threat_recency\",\"name\":\"Threat Recency\",\"type\":\"string\",\"value\":\"No recorded events\"},{\"id\":\"threat_sources_last_28\",\"name\":\"Threat Sources\",\"type\":\"string\",\"value\":\"No recorded events\"}]","baseScore":"7.5","temporalScore":"5.5","cvssVector":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C","cvssV3BaseScore":"9.8","cvssV3TemporalScore":"8.5","cvssV3Vector":"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cpe":"p-cpe:/a:centos:centos:elfutils<br/>p-cpe:/a:centos:centos:elfutils-default-yama-scope<br/>p-cpe:/a:centos:centos:elfutils-devel<br/>p-cpe:/a:centos:centos:elfutils-devel-static<br/>p-cpe:/a:centos:centos:elfutils-libelf<br/>p-cpe:/a:centos:centos:elfutils-libelf-devel<br/>p-cpe:/a:centos:centos:elfutils-libelf-devel-static<br/>p-cpe:/a:centos:centos:elfutils-libs<br/>cpe:/o:centos:centos:7","vulnPubDate":"1535544000","patchPubDate":"1567080000","pluginPubDate":"1567166400","pluginModDate":"1577793600","checkType":"local","version":"1.3","cve":"CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665","bid":"","xref":"RHSA #2019:2197","pluginText":"<plugin_output>\nRemote package installed : elfutils-default-yama-scope-0.172-2.el7\nShould be : elfutils-default-yama-scope-0.176-2.el7\n\nRemote package installed : elfutils-libelf-0.172-2.el7\nShould be : elfutils-libelf-0.176-2.el7\n\nRemote package installed : elfutils-libs-0.172-2.el7\nShould be : elfutils-libs-0.176-2.el7\n\n\nNOTE: The security advisory associated with this vulnerability has a\nfixed package version that may only be available in the continuous\nrelease (CR) repository for CentOS, until it is present in the next\npoint release of CentOS.\n\nIf an equal or higher package level does not exist in the 
baseline\nrepository for your major version of CentOS, then updates from the CR\nrepository will need to be applied in order to address the\nvulnerability.\n</plugin_output>","dnsName":"target-cent7.lxd","macAddress":"00:16:3e:5d:7a:71","netbiosName":"","operatingSystem":"Linux Kernel 5.8.0-1035-aws on CentOS Linux release 7.6.1810 (Core)","ips":"10.238.64.9","hostUniqueness":"repositoryID,ip,dnsName","uniqueness":"repositoryID,ip,dnsName","family":{"id":"18","name":"CentOS Local Security Checks","type":"active"},"repository":{"id":"1","name":"Live","description":"","sciID":"1","dataFormat":"IPv4"},"pluginInfo":"128375 (0/6) CentOS 7 : elfutils (CESA-2019:2197)"}
55
{"pluginID":"135358","severity":{"id":"2","name":"Medium","description":"Medium Severity"},"hasBeenMitigated":"0","acceptRisk":"0","recastRisk":"0","ip":"10.238.64.9","uuid":"","port":"0","protocol":"TCP","pluginName":"CentOS 7 : libxml2 (CESA-2020:1190)","firstSeen":"1616256379","lastSeen":"1635610340","exploitAvailable":"No","exploitEase":"No known exploits are available","exploitFrameworks":"","synopsis":"The remote CentOS Linux host is missing one or more security updates.","description":"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","solution":"Update the affected packages.","seeAlso":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035\nhttp://www.nessus.org/u?2ed8ea19\nhttps://cwe.mitre.org/data/definitions/252.html\nhttps://cwe.mitre.org/data/definitions/400.html\nhttps://cwe.mitre.org/data/definitions/476.html","riskFactor":"Medium","stigSeverity":"","vprScore":"6.7","vprContext":"[{\"id\":\"age_of_vuln\",\"name\":\"Vulnerability Age\",\"type\":\"string\",\"value\":\"730 days +\"},{\"id\":\"cvssV3_impactScore\",\"name\":\"CVSS v3 Impact 
Score\",\"type\":\"number\",\"value\":5.9000000000000004},{\"id\":\"exploit_code_maturity\",\"name\":\"Exploit Code Maturity\",\"type\":\"string\",\"value\":\"Unproven\"},{\"id\":\"product_coverage\",\"name\":\"Product Coverage\",\"type\":\"string\",\"value\":\"Very High\"},{\"id\":\"threat_intensity_last_28\",\"name\":\"Threat Intensity\",\"type\":\"string\",\"value\":\"Very Low\"},{\"id\":\"threat_recency\",\"name\":\"Threat Recency\",\"type\":\"string\",\"value\":\"> 365 days\"},{\"id\":\"threat_sources_last_28\",\"name\":\"Threat Sources\",\"type\":\"string\",\"value\":\"No recorded events\"}]","baseScore":"6.8","temporalScore":"5.0","cvssVector":"AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C","cvssV3BaseScore":"8.8","cvssV3TemporalScore":"7.7","cvssV3Vector":"AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cpe":"p-cpe:/a:centos:centos:libxml2<br/>p-cpe:/a:centos:centos:libxml2-devel<br/>p-cpe:/a:centos:centos:libxml2-python<br/>p-cpe:/a:centos:centos:libxml2-static<br/>cpe:/o:centos:centos:7","vulnPubDate":"1446465600","patchPubDate":"1586347200","pluginPubDate":"1586520000","pluginModDate":"1615896000","checkType":"local","version":"1.4","cve":"CVE-2015-8035,CVE-2016-5131,CVE-2017-15412,CVE-2017-18258,CVE-2018-14404,CVE-2018-14567","bid":"","xref":"RHSA #2020:1190,CWE #252,CWE #400,CWE #476","pluginText":"<plugin_output>\nRemote package installed : libxml2-2.9.1-6.el7_2.3\nShould be : libxml2-2.9.1-6.el7.4\n\n\nNOTE: The security advisory associated with this vulnerability has a\nfixed package version that may only be available in the continuous\nrelease (CR) repository for CentOS, until it is present in the next\npoint release of CentOS.\n\nIf an equal or higher package level does not exist in the baseline\nrepository for your major version of CentOS, then updates from the CR\nrepository will need to be applied in order to address 
the\nvulnerability.\n</plugin_output>","dnsName":"target-cent7.lxd","macAddress":"00:16:3e:5d:7a:71","netbiosName":"","operatingSystem":"Linux Kernel 5.8.0-1035-aws on CentOS Linux release 7.6.1810 (Core)","ips":"10.238.64.9","hostUniqueness":"repositoryID,ip,dnsName","uniqueness":"repositoryID,ip,dnsName","family":{"id":"18","name":"CentOS Local Security Checks","type":"active"},"repository":{"id":"1","name":"Live","description":"","sciID":"1","dataFormat":"IPv4"},"pluginInfo":"135358 (0/6) CentOS 7 : libxml2 (CESA-2020:1190)"}
6+
{"pluginID":"135358","severity":{"id":"2","name":"Medium","description":"Medium Severity"},"hasBeenMitigated":"0","acceptRisk":"0","recastRisk":"0","ip":"10.238.64.9","uuid":"","port":"0","protocol":"TCP","pluginName":"CentOS 7 : libxml2 (CESA-2020:1190)","firstSeen":"1616256379","lastSeen":"1635610340","exploitAvailable":"No","exploitEase":"No known exploits are available","exploitFrameworks":"","synopsis":"The remote CentOS Linux host is missing one or more security updates.","description":"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.","solution":"Update the affected packages.","riskFactor":"Medium","stigSeverity":"","vprScore":"6.7","vprContext":"[{\"id\":\"age_of_vuln\",\"name\":\"Vulnerability Age\",\"type\":\"string\",\"value\":\"730 days +\"},{\"id\":\"cvssV3_impactScore\",\"name\":\"CVSS v3 Impact Score\",\"type\":\"number\",\"value\":5.9000000000000004},{\"id\":\"exploit_code_maturity\",\"name\":\"Exploit Code Maturity\",\"type\":\"string\",\"value\":\"Unproven\"},{\"id\":\"product_coverage\",\"name\":\"Product Coverage\",\"type\":\"string\",\"value\":\"Very High\"},{\"id\":\"threat_intensity_last_28\",\"name\":\"Threat 
Intensity\",\"type\":\"string\",\"value\":\"Very Low\"},{\"id\":\"threat_recency\",\"name\":\"Threat Recency\",\"type\":\"string\",\"value\":\"> 365 days\"},{\"id\":\"threat_sources_last_28\",\"name\":\"Threat Sources\",\"type\":\"string\",\"value\":\"No recorded events\"}]","baseScore":"6.8","temporalScore":"5.0","cvssVector":"AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C","cvssV3BaseScore":"8.8","cvssV3TemporalScore":"7.7","cvssV3Vector":"AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","cpe":"p-cpe:/a:centos:centos:libxml2<br/>p-cpe:/a:centos:centos:libxml2-devel<br/>p-cpe:/a:centos:centos:libxml2-python<br/>p-cpe:/a:centos:centos:libxml2-static<br/>cpe:/o:centos:centos:7","vulnPubDate":"1446465600","patchPubDate":"1586347200","pluginPubDate":"1586520000","pluginModDate":"1615896000","checkType":"local","version":"1.4","cve":"CVE-2015-8035,CVE-2016-5131,CVE-2017-15412,CVE-2017-18258,CVE-2018-14404,CVE-2018-14567","bid":"","xref":"RHSA #2020:1190,CWE #252,CWE #400,CWE #476","pluginText":"<plugin_output>\nRemote package installed : libxml2-2.9.1-6.el7_2.3\nShould be : libxml2-2.9.1-6.el7.4\n\n\nNOTE: The security advisory associated with this vulnerability has a\nfixed package version that may only be available in the continuous\nrelease (CR) repository for CentOS, until it is present in the next\npoint release of CentOS.\n\nIf an equal or higher package level does not exist in the baseline\nrepository for your major version of CentOS, then updates from the CR\nrepository will need to be applied in order to address the\nvulnerability.\n</plugin_output>","dnsName":"target-cent7.lxd","macAddress":"00:16:3e:5d:7a:71","netbiosName":"","operatingSystem":"Linux Kernel 5.8.0-1035-aws on CentOS Linux release 7.6.1810 (Core)","ips":"10.238.64.9","hostUniqueness":"repositoryID,ip,dnsName","uniqueness":"repositoryID,ip,dnsName","family":{"id":"18","name":"CentOS Local Security 
Checks","type":"active"},"repository":{"id":"1","name":"Live","description":"","sciID":"1","dataFormat":"IPv4"},"pluginInfo":"135358 (0/6) CentOS 7 : libxml2 (CESA-2020:1190)"}
67
{"error_code":0,"error_msg":"","response":{"endOffset":"118000","matchingDataElementCount":"-1","results":[],"returnedRecords":0,"startOffset":"117000","totalRecords":"116095"},"timestamp":1677232486,"type":"regular","warnings":[]}
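Review bot: the added sample at hunk line 6 is a byte-for-byte copy of the line-5 document with only the `"seeAlso":"https://cve.mitre.org/...\nhttp://www.nessus.org/u?2ed8ea19\n..."` member removed, so the test log now covers all four shapes of that field the pipeline can meet: empty string (`"seeAlso":""`, line 3), a single URL (line 4), a newline-separated list (line 5) and the key absent (line 6). That is the right coverage for a missing-field regression, but the corresponding expected-results file for this data stream is not among the two files shown here; please confirm in the full PR that the line-6 document's expected event simply omits the see-also field rather than carrying an empty value, since that difference is exactly what an absent-vs-empty fix should pin down. The trailing pagination record at line 7 (`"results":[]`, `"returnedRecords":0`) is unchanged and still exercises the empty-page path.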
