RHEL 6 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)

critical Nessus Plugin ID 119378

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1773 advisory.

- Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix (CVE-2014-3577)

- apache-commons-collections: InvokerTransformer code execution during deserialisation (CVE-2015-7501)

- jenkins: Remote code execution vulnerability in remoting module (SECURITY-232) (CVE-2016-0788)

- jenkins: HTTP response splitting vulnerability (SECURITY-238) (CVE-2016-0789)

- jenkins: Non-constant time comparison of API token (SECURITY-241) (CVE-2016-0790)

- jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245) (CVE-2016-0791)

- jenkins: Remote code execution through remote API (SECURITY-247) (CVE-2016-0792)

- jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170) (CVE-2016-3721)

- jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243) (CVE-2016-3722)

- jenkins: Information on installed plugins exposed via API (SECURITY-250) (CVE-2016-3723)

- jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266) (CVE-2016-3724)

- jenkins: Regular users can trigger download of update site metadata (SECURITY-273) (CVE-2016-3725)

- jenkins: Open redirect to scheme-relative URLs (SECURITY-276) (CVE-2016-3726)

- jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281) (CVE-2016-3727)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 119378

File Name: redhat-RHSA-2016-1773.nasl

Version: 1.8

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 12/4/2018

Updated: 4/21/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-0788

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2016-0791

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:imagemagick-devel, p-cpe:/a:redhat:enterprise_linux:imagemagick-doc, p-cpe:/a:redhat:enterprise_linux:imagemagick-perl, p-cpe:/a:redhat:enterprise_linux:activemq, p-cpe:/a:redhat:enterprise_linux:activemq-client, p-cpe:/a:redhat:enterprise_linux:jenkins, p-cpe:/a:redhat:enterprise_linux:libcgroup, p-cpe:/a:redhat:enterprise_linux:libcgroup-pam, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-cron, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-diy, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbosseap, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbossews, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-client, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mongodb, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mysql, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-nodejs, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-perl, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-php, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-python, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby, p-cpe:/a:redhat:enterprise_linux:openshift-origin-msg-node-mcollective, p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-proxy, p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-util, p-cpe:/a:redhat:enterprise_linux:rhc, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-admin-console, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-frontend-haproxy-sni-proxy, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-msg-broker-mcollective, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-routing-daemon, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:imagemagick

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/24/2016

Vulnerability Publication Date: 8/21/2014

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Jenkins XStream Groovy classpath Deserialization Vulnerability)

Reference Information

CVE: CVE-2014-3577, CVE-2015-7501, CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792, CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727

CWE: 284, 297

RHSA: 2016:1773

Detections

Analytics