diff --git a/dojo/tools/tenable/csv_format.py b/dojo/tools/tenable/csv_format.py index a2e2b72d086..271ca4d9d63 100644 --- a/dojo/tools/tenable/csv_format.py +++ b/dojo/tools/tenable/csv_format.py @@ -63,22 +63,33 @@ def _format_cpe(self, val): cpe_match = re.findall(r"cpe:/[^\n\ ]+", val) return cpe_match if cpe_match else None + def detect_delimiter(self, content: str): + """Detect the delimiter of the CSV file""" + if isinstance(content, bytes): + content = content.decode("utf-8") + first_line = content.split('\n')[0] + if ';' in first_line: + return ';' + else: + return ',' # default to comma if no semicolon found + def get_findings(self, filename: str, test: Test): # Read the CSV content = filename.read() + delimiter = self.detect_delimiter(content) if isinstance(content, bytes): content = content.decode("utf-8") csv.field_size_limit(int(sys.maxsize / 10)) # the request/resp are big - reader = csv.DictReader(io.StringIO(content)) + reader = csv.DictReader(io.StringIO(content), delimiter=delimiter) dupes = {} # Iterate over each line and create findings for row in reader: # title: Could come from "Name" or "Plugin Name" - title = row.get("Name", row.get("Plugin Name")) + title = row.get("Name", row.get("Plugin Name", row.get("asset.name"))) if title is None or title == "": continue # severity: Could come from "Severity" or "Risk" - raw_severity = row.get("Risk", "") + raw_severity = row.get("Risk", row.get("severity", "")) if raw_severity == "": raw_severity = row.get("Severity", "Info") # this could actually be a int, so try to convert @@ -89,17 +100,17 @@ def get_findings(self, filename: str, test: Test): # convert the severity to something dojo likes severity = self._convert_severity(raw_severity) # Other text fields - description = row.get("Synopsis", "") - mitigation = str(row.get("Solution", "N/A")) - impact = row.get("Description", "N/A") - references = row.get("See Also", "N/A") + description = row.get("Synopsis", row.get("definition.synopsis", "N/A")) + mitigation = str(row.get("Solution", row.get("definition.solution", "N/A"))) + impact = row.get("Description", row.get("definition.description", "N/A")) + references = row.get("See Also", row.get("definition.see_also", "N/A")) # Determine if the current row has already been processed dupe_key = ( severity + title - + row.get("Host", "No host") - + str(row.get("Port", "No port")) - + row.get("Synopsis", "No synopsis") + + row.get("Host", row.get("asset.host_name", "No host")) + + str(row.get("Port", row.get("asset.port", "No port"))) + + row.get("Synopsis", row.get("definition.synopsis", "No synopsis")) ) # Finding has not been detected in the current report. Proceed with # parsing @@ -123,11 +134,11 @@ def get_findings(self, filename: str, test: Test): ).clean_vector(output_prefix=True) # Add CVSS score if present - cvssv3 = row.get("CVSSv3", "") + cvssv3 = row.get("CVSSv3", row.get("definition.cvss3.base_score", "")) if cvssv3 != "": find.cvssv3_score = cvssv3 # manage CPE data - detected_cpe = self._format_cpe(str(row.get("CPE", ""))) + detected_cpe = self._format_cpe(str(row.get("CPE", row.get("definition.cpe", "")))) if detected_cpe: # FIXME support more than one CPE in Nessus CSV parser if len(detected_cpe) > 1: @@ -156,26 +167,26 @@ def get_findings(self, filename: str, test: Test): # Determine if there is more details to be included in the # description - plugin_output = str(row.get("Plugin Output", "")) + plugin_output = str(row.get("Plugin Output", row.get("output", ""))) if plugin_output != "": find.description += f"\n\n{plugin_output}" # Process any CVEs - detected_cve = self._format_cve(str(row.get("CVE", ""))) + detected_cve = self._format_cve(str(row.get("CVE", row.get("definition.cve", "")))) if detected_cve: if isinstance(detected_cve, list): find.unsaved_vulnerability_ids += detected_cve else: find.unsaved_vulnerability_ids.append(detected_cve) # Endpoint related fields - host = row.get("Host", "") + host = row.get("Host", row.get("asset.host_name", "")) if host == "": host = row.get("DNS Name", "") if host == "": host = row.get("IP Address", "localhost") - protocol = row.get("Protocol", "") + protocol = row.get("Protocol", row.get("protocol", "")) protocol = protocol.lower() if protocol != "" else None - port = row.get("Port", "") + port = str(row.get("Port", row.get("asset.port", ""))) if isinstance(port, str) and port in ["", "0"]: port = None # Update the endpoints diff --git a/unittests/scans/tenable/nessus/nessus_new.csv b/unittests/scans/tenable/nessus/nessus_new.csv new file mode 100644 index 00000000000..eeeea727f74 --- /dev/null +++ b/unittests/scans/tenable/nessus/nessus_new.csv @@ -0,0 +1,1659 @@ +age_in_days;asset.display_fqdn;asset.display_ipv4_address;asset.display_ipv6_address;asset.display_mac_address;asset.host_name;asset.id;asset.name;asset.netbios_name;asset.network.id;asset.network.name;asset.operating_system;asset.system_type;asset.tags;asset_inventory;default_account;definition.bugtraq;definition.cpe;definition.cve;definition.cvss2.base_score;definition.cvss2.base_vector;definition.cvss2.temporal_score;definition.cvss2.temporal_vector;definition.cvss3.base_score;definition.cvss3.base_vector;definition.cvss3.temporal_score;definition.cvss3.temporal_vector;definition.cwe;;definition.exploitability_ease;definition.exploited_by_malware;definition.exploited_by_nessus;definition.family;definition.iava;definition.iavb;definition.iavm;definition.iavt;definition.id;definition.in_the_news;definition.malware;definition.name;definition.patch_published;definition.plugin_published;definition.plugin_updated;definition.plugin_version;definition.references;definition.see_also;definition.severity;definition.solution;definition.stig_severity;definition.synopsis;definition.type;definition.unsupported_by_vendor;definition.vpr.drivers_age_of_vulns_high;definition.vpr.drivers_age_of_vulns_low;definition.vpr.drivers_cvss3_impact_score;definition.vpr.drivers_exploit_code_maturity;definition.vpr.drivers_product_coverage;definition.vpr.drivers_threat_intensity;definition.vpr.drivers_threat_recency_high;definition.vpr.drivers_threat_recency_low;definition.vpr.drivers_threat_sources;definition.vpr.score;definition.vulnerability_published;first_observed;id;last_seen;output;port;protocol;recast_reason;risk_modified;scan.id;severity;state +14;Blah1;10.0.0.1;fe80:0:0:0:20d:3aff:fe45:647f;00:0d:3a:45:64:7f;Blah1;aecb524a-c10d-4d41-89d9-fa887ae8fb00;Blah1;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 4.18.0-348.12.2.el8_5.x86_64 on AlmaLinux release 8.8 (Sapphire Caracal);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""Joe.Dixon@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""PU PLATFORM""},{""category"":""Azure_CC"",""value"":""MAPS-Floating car Data""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""maps-wms-fcd-prod""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-28T11:50:44.895Z;0012b94a-f4a1-4f2c-babc-6cac61f3cd0a;2023-07-12T12:14:16.850Z;"' +The following running daemon is not managed by RPM : + +/usr/local/bin/node_exporter +";0;TCP;;NONE;a8c86324-469d-46aa-9176-50b1daaf1cd9;Low;ACTIVE +6;Blah2;10.0.0.2;fe80:0:0:0:222:48ff:febb:2c73;00:22:48:bb:2c:73;Blah2;37a1abf9-0e32-49e3-b565-7491c77da33f;Blah2;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 18.04.6 LTS (Bionic Beaver);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_CC"",""value"":""PP-Search""},{""category"":""Azure"",""value"":""Search - prod""},{""category"":""Azure_OU"",""value"":""SEARCH""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-06T12:14:31.266Z;0022392f-e71d-4819-9e58-afde6b74c4cd;2023-07-12T12:07:10.379Z;"' +The following running daemon is not managed by dpkg : + +/usr/local/bin/consul +";0;TCP;;NONE;02c38dd7-09ce-43df-a5e2-6201badfb67b;Low;ACTIVE +5;Blah3;10.0.0.3;fe80:0:0:0:222:48ff:fe8c:27ac;00:22:48:8c:27:ac;Blah3;827d183d-6389-4762-a032-4cb5b73dc874;Blah3;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.8 (Sapphire Caracal);general-purpose;;;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-07T11:54:24.907Z;00541359-331b-4dec-abf1-0c231d6e9218;2023-07-12T11:53:33.337Z;"' +The following running daemons are not managed by RPM : + +/opt/grok_exporter/grok_exporter +/opt/prometheus/exporter/haproxy_exporter/haproxy_exporter-0.10.0.linux-amd64/haproxy_exporter +/opt/prometheus/exporters/dist/node_exporter-0.17.0.linux-amd64/node_exporter +";0;TCP;;NONE;cb0fc0ca-e6eb-498e-9595-c41d6b82159c;Low;ACTIVE +13;Blah4;10.0.0.4;fe80:0:0:0:20d:3aff:fe2e:c70d;00:0d:3a:2e:c7:0d;Blah4;520880f6-b39d-49a3-b19e-14e50c8d0720;Blah4;;00000000-0000-0000-0000-000000000000;Default;AlmaLinux 8.7 (Stone Smilodon);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""bruce.adam@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""PU PLATFORM""},{""category"":""Azure_CC"",""value"":""MAPS-Floating car Data""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""consumer-sport-fws-prod""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-29T12:14:24.624Z;005b63e5-75f5-4c86-aa18-cf4e4fe904bb;2023-07-12T12:13:12.060Z;"' +The following running daemon is not managed by RPM : + +/usr/local/bin/node_exporter +";0;TCP;;NONE;8d415c91-c867-4dca-9a05-b2a2e8376a37;Low;ACTIVE +502;Blah5;10.0.0.5;;;Blah5;c2dcf701-4c4e-4aef-96f4-33247837f5f5;Blah5;;00000000-0000-0000-0000-000000000000;Default;HP JetDirect Printer;printer;"[{""category"":""Office"",""value"":""Gent""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-02-25T15:07:55.004Z;008e61c1-0777-428e-a08e-ac56cab81bdd;2023-07-12T13:55:40.941Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group-exchange-sha1 + diffie-hellman-group1-sha1 +";22;TCP;;NONE;8ec25ec0-bb5e-4867-9c24-3a990cde8c00;Low;RESURFACED +372;Blah6;10.0.0.6;;;Blah6;80a71790-bc3e-4488-8070-159730830c8f;Blah6;;00000000-0000-0000-0000-000000000000;Default;CISCO IOS 12, CISCO PIX, Cisco IOS XE, CISCO IOS 15;router;"[{""category"":""Office"",""value"":""Amsterdam DRK""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-07-05T12:07:49.962Z;00cdea5f-cf65-4e26-b518-83849ee3a10b;2023-07-10T08:17:04.298Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc +";22;TCP;;NONE;a70b8545-fb33-43f4-9d57-a0dd5b754264;Low;RESURFACED +7;Blah7;10.0.0.7;fe80:0:0:0:20d:3aff:fe3a:46ef;00:0d:3a:3a:46:ef;Blah7;c8f35dac-2ae6-4092-8c98-c283edf3a957;Blah7;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.10.0-1160.76.1.el7.x86_64 on CentOS Linux release 7.9.2009 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure_CC"",""value"":""PP-Compute""},{""category"":""Azure"",""value"":""sp-managed-services-prod""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-05T11:56:20.550Z;00e491b5-46b2-4620-9254-3b2bec99d20c;2023-07-12T12:04:55.029Z;"' +The following running daemons are not managed by RPM : + +/opt/rapid7/ir_agent/components/insight_agent/3.3.2.35/ir_agent +/oracle/product/11204/bin/oracle +/oracle/product/11204/bin/tnslsnr +";0;TCP;;NONE;f2bf9d7a-7b04-459e-924b-cb0568adcc53;Low;ACTIVE +182;Blah8;10.0.0.8;fe80:0:0:0:20d:3aff:fe45:fe60;00:0d:3a:45:fe:60;Blah8;b041d1aa-1fc3-4fa5-8ee0-f9c21570145a;Blah8;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 18.04.6 LTS (Bionic Beaver);azure-instance;"[{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Owners"",""value"":""Ben.Macnutt@tttttttnnnnnn.com},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure_CC"",""value"":""PP-Network \u0026 Security""},{""category"":""Azure"",""value"":""net-prod-services""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-01-11T14:47:14.218Z;00f80ff1-1f7d-496f-a606-bafa4b4610d0;2023-07-12T10:53:55.422Z;"' +The following running daemons are not managed by dpkg : + +/opt/microsoft/omsagent/plugin/npmd_agent +/opt/rapid7/ir_agent/components/insight_agent/3.3.2.35/ir_agent +";0;TCP;;NONE;0fdce5fe-18b9-4de3-9854-9a686f30fb43;Low;ACTIVE +429;Blah9;10.0.0.9;;;Blah9;a6ccee07-5abe-48de-bee3-20b8ff19c7d4;Blah9;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.1, Linux Kernel 3.2, Linux Kernel 3.3;general-purpose;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Office"",""value"":""Pune""}]";;;;;;;;;;;;;;;"At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. + +Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014. + +Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.";;FALSE;FALSE;General;;;;;69551;FALSE;FALSE;SSL Certificate Chain Contains RSA Keys Less Than 2048 bits;;2013-09-03T00:00:00Z;2018-11-15T00:00:00Z;1.4;;https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf;Low;Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.;;The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.;REMOTE;FALSE;;;;;;;;;;;;2022-05-09T10:34:55.800Z;01476211-5bf3-4a44-8137-dc4b53441b0f;2023-07-11T20:51:21.228Z;"' +The following certificates were part of the certificate chain +sent by the remote host, but contain RSA keys that are considered +to be weak : + +|-Subject : C=NL/ST=Zuid-Holland/L=Gouda/O=Siqura/CN=0cdeb83bb76a70704933a692fe3d05f0/E=sales.nl@tkhsecurity.com +|-RSA Key Length : 1024 bits +";443;TCP;;NONE;2e2616c4-73be-4a5f-8462-0363fd979993;Low;RESURFACED +6;Blah10;10.0.0.10;fe80:0:0:0:20d:3aff:fea9:6d1d;00:0d:3a:a9:6d:1d;Blah10;5e5953f9-76fb-40e1-b822-77f921a7f4a6;Blah10;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.10.0-1160.92.1.el7.x86_64 on CentOS Linux release 7.9.2009 (Core);azure-instance;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Owners"",""value"":""hans.vanleijen@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure"",""value"":""CIT-DSP-Prod""},{""category"":""Azure_CC"",""value"":""PP-Device Service Platform""}]";;;;p-cpe:/a:centos:centos:java-1.8.0-openjdk, p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility, p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-1.8.0-openjdk-src, cpe:/o:centos:centos:7;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7002 advisory. + + - OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) + + - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) + + - OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) + + - OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;166552;FALSE;FALSE;CentOS 7 : java-1.8.0-openjdk (CESA-2022:7002);2022-10-26T00:00:00Z;2022-10-26T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770], RHSA=[2022:7002];http://www.nessus.org/u?0ce1bb6f;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-07-06T11:49:24.456Z;015b03b2-df43-4b9b-ad35-f81a9c8e3532;2023-07-12T11:53:16.937Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9 + +";0;TCP;;NONE;1e409ea3-111d-4211-9e8b-dcd5037a9242;Low;ACTIVE +133;Blah11;10.0.0.11;;02:42:f7:71:1d:73;Blah11;89fc1c57-ba65-40ec-8cc0-64500ceb8497;Blah11;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 18.04.6 LTS (Bionic Beaver);general-purpose;"[{""category"":""Office"",""value"":""Eindhoven""},{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Linux""}]";;;;cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-demo, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-demo, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jdk, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jdk-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jre, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jre-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jre-zero, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-source, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.10, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-demo, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jdk, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jdk-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jre, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jre-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jre-zero, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-source;CVE-2023-21835, CVE-2023-21843;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;;"The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5897-1 advisory. + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; + Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21835) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21843) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Ubuntu Local Security Checks;;;;;171969;FALSE;FALSE;Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 : OpenJDK vulnerabilities (USN-5897-1);2023-02-28T00:00:00Z;2023-02-28T00:00:00Z;2023-02-28T00:00:00Z;1.0;CVE=[CVE-2023-21835, CVE-2023-21843], USN=[5897-1];https://ubuntu.com/security/notices/USN-5897-1;Low;Update the affected packages.;;The remote Ubuntu host is missing one or more security updates.;LOCAL;FALSE;180;61;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2023-01-17T00:00:00Z;2023-03-01T10:37:02.310Z;01640014-656c-4b18-988b-5d01d630ff54;2023-07-12T09:05:36.399Z;"' + - Installed package : openjdk-11-jdk_11.0.13+8-0ubuntu1~18.04 + Fixed package : openjdk-11-jdk_11.0.18+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-11-jdk-headless_11.0.13+8-0ubuntu1~18.04 + Fixed package : openjdk-11-jdk-headless_11.0.18+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-11-jre_11.0.13+8-0ubuntu1~18.04 + Fixed package : openjdk-11-jre_11.0.18+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-11-jre-headless_11.0.13+8-0ubuntu1~18.04 + Fixed package : openjdk-11-jre-headless_11.0.18+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-17-jdk_17.0.5+8-2ubuntu1~18.04 + Fixed package : openjdk-17-jdk_17.0.6+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-17-jdk-headless_17.0.5+8-2ubuntu1~18.04 + Fixed package : openjdk-17-jdk-headless_17.0.6+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-17-jre_17.0.5+8-2ubuntu1~18.04 + Fixed package : openjdk-17-jre_17.0.6+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-17-jre-headless_17.0.5+8-2ubuntu1~18.04 + Fixed package : openjdk-17-jre-headless_17.0.6+10-0ubuntu1~18.04.1 + +";0;TCP;;NONE;b3da738d-1587-4b8b-8612-c6b8a1b90358;Low;ACTIVE +6;Blah12;10.0.0.12;fe80:0:0:0:6245:bdff:fe9e:d861;60:45:bd:9e:d8:61;Blah12;2b3411d0-acca-4435-b28b-8eec458988bc;Blah12;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.8 (Sapphire Caracal);general-purpose;;;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-06T11:58:50.363Z;018e8cec-5869-4f74-90db-3faa469ccbb3;2023-07-06T11:58:50.363Z;"' +The following running daemons are not managed by RPM : + +/opt/grok_exporter/grok_exporter +/opt/prometheus/exporters/dist/node_exporter-0.18.1.linux-amd64/node_exporter +/opt/prometheus/exporters/dist/prometheus_varnish_exporter-1.6.1.linux-amd64/prometheus_varnish_exporter +";0;TCP;;NONE;4962a309-8f1a-4293-bb28-e801e5c430f0;Low;NEW +0;Blah13;10.0.0.13;fe80:0:0:0:6245:bdff:fe89:2193;60:45:bd:89:21:93;Blah13;6d030a37-b9e1-4f64-b340-39ebcf7ba0cc;Blah13;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;Linux Kernel 3.10.0-1160.90.1.el7.x86_64 on CentOS Linux release 7.9.2009 (Core);general-purpose;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure"",""value"":""CIT-DSP-Test""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Owners"",""value"":""hans.vanleijen@tttttttnnnnnn.com},{""category"":""Azure_CC"",""value"":""PP-Device Service Platform""}]";;;;p-cpe:/a:centos:centos:java-1.8.0-openjdk, p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility, p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-1.8.0-openjdk-src, cpe:/o:centos:centos:7;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7002 advisory. + + - OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) + + - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) + + - OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) + + - OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;166552;FALSE;FALSE;CentOS 7 : java-1.8.0-openjdk (CESA-2022:7002);2022-10-26T00:00:00Z;2022-10-26T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770], RHSA=[2022:7002];http://www.nessus.org/u?0ce1bb6f;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-07-12T11:41:43.765Z;01b5e820-a122-484d-8ec2-04935f83b9a1;2023-07-12T11:41:43.765Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9 + +";0;TCP;;NONE;f9ac5788-50ea-40de-b2b3-e567c2c31547;Low;NEW +15;Blah14;10.0.0.14;;00:22:48:7f:a6:40;Blah14;509ba999-555c-4ba5-bf59-a312fb5748cb;Blah14;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Owners"",""value"":""hans.vanleijen@tttttttnnnnnn.com},{""category"":""Azure"",""value"":""CIT-DSP-Prod""},{""category"":""Azure_CC"",""value"":""PP-Device Service Platform""}]";;;;p-cpe:/a:centos:centos:java-1.8.0-openjdk, p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility, p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-1.8.0-openjdk-src, cpe:/o:centos:centos:7;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7002 advisory. + + - OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) + + - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) + + - OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) + + - OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;166552;FALSE;FALSE;CentOS 7 : java-1.8.0-openjdk (CESA-2022:7002);2022-10-26T00:00:00Z;2022-10-26T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770], RHSA=[2022:7002];http://www.nessus.org/u?0ce1bb6f;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-06-27T11:42:34.002Z;01bb51da-8473-41c0-bdd6-97cc29fa231e;2023-06-27T11:42:34.002Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9 + +";0;TCP;;NONE;6c53ab1f-528b-4322-8f35-116cd563f176;Low;NEW +6;Blah15;10.0.0.15;fe80:0:0:0:222:48ff:fe86:546c;00:22:48:86:54:6c;Blah15;373976ae-96e9-49ff-a174-30d83ed741db;Blah15;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Owners"",""value"":""hans.vanleijen@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure"",""value"":""CIT-DSP-Dev""},{""category"":""Azure_CC"",""value"":""PP-Device Service Platform""}]";;;;p-cpe:/a:centos:centos:java-1.8.0-openjdk, p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility, p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-1.8.0-openjdk-src, cpe:/o:centos:centos:7;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7002 advisory. + + - OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) + + - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) + + - OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) + + - OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;166552;FALSE;FALSE;CentOS 7 : java-1.8.0-openjdk (CESA-2022:7002);2022-10-26T00:00:00Z;2022-10-26T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770], RHSA=[2022:7002];http://www.nessus.org/u?0ce1bb6f;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-07-06T11:54:55.089Z;01d52849-4fc6-436f-8f8a-42893193ed3e;2023-07-06T11:54:55.089Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9 + +";0;TCP;;NONE;a775470c-6443-4825-9650-d9780aea04b0;Low;NEW +21;Blah16;10.0.0.16;fe80:0:0:0:20d:3aff:feab:f519;00:0d:3a:ab:f5:19;Blah16;f7eec588-9edf-4b8d-b970-3dd57714fad6;Blah16;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-dev""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-21T11:49:40.944Z;01e64997-d8e4-45cc-9c85-de6925ed2664;2023-07-12T12:07:43.535Z;"' +The following running daemons are not managed by RPM : + +/opt/consul-agent_exporter/consul-agent_exporter +/opt/consul/consul_1.15.3 +/opt/node_exporter/node_exporter +/opt/traefik/traefik +";0;TCP;;NONE;18f99379-95e6-4c04-988d-b3e9a82519c8;Low;ACTIVE +429;Blah17;10.0.0.17;;;Blah17;e672ed00-426f-4e49-af83-d11dfb50ffe7;Blah17;;00000000-0000-0000-0000-000000000000;Default;CISCO IOS 12, CISCO PIX, Cisco IOS XE, CISCO IOS 15;router;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Office"",""value"":""Pune""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-05-09T11:38:51.535Z;01f27e59-ec6c-4f18-a21e-60f795a4e97a;2023-07-11T13:39:21.328Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + aes256-cbc +";22;TCP;;NONE;2e2616c4-73be-4a5f-8462-0363fd979993;Low;RESURFACED +6;Blah18;10.0.0.18;fe80:0:0:0:20d:3aff:fe46:95fb;00:0d:3a:46:95:fb;Blah18;59601cfc-1619-4af0-a8aa-0746e5302f86;Blah18;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;p-cpe:/a:alma:linux:java-1.8.0-openjdk, p-cpe:/a:alma:linux:java-1.8.0-openjdk-accessibility, p-cpe:/a:alma:linux:java-1.8.0-openjdk-accessibility-fastdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-accessibility-slowdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-demo, p-cpe:/a:alma:linux:java-1.8.0-openjdk-demo-fastdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-demo-slowdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-devel, p-cpe:/a:alma:linux:java-1.8.0-openjdk-devel-fastdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-devel-slowdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-fastdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-headless, p-cpe:/a:alma:linux:java-1.8.0-openjdk-headless-fastdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-headless-slowdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-javadoc, p-cpe:/a:alma:linux:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:alma:linux:java-1.8.0-openjdk-slowdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-src, p-cpe:/a:alma:linux:java-1.8.0-openjdk-src-fastdebug, p-cpe:/a:alma:linux:java-1.8.0-openjdk-src-slowdebug, cpe:/o:alma:linux:8, cpe:/o:alma:linux:8::appstream, cpe:/o:alma:linux:8::powertools;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7006 advisory. + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21619) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2022-21624) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. + (CVE-2022-21626) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Alma Linux Local Security Checks;;;;;166406;FALSE;FALSE;AlmaLinux 8 : java-1.8.0-openjdk (ALSA-2022:7006);2022-10-19T00:00:00Z;2022-10-21T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770];https://errata.almalinux.org/8/ALSA-2022-7006.html;Low;Update the affected packages.;;The remote AlmaLinux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-07-06T11:57:01.015Z;01f8ca37-37ac-4917-8077-a61a46c0ce0e;2023-07-12T11:59:04.524Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6 + +Remote package installed : java-1.8.0-openjdk-devel-1.8.0.332.b09-2.el8_6 +Should be : java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.332.b09-2.el8_6 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6 + +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +50;Blah19;10.0.0.19;fe80:0:0:0:ec4:7aff:fe88:1554;0c:c4:7a:88:15:54;Blah19;259f4e7d-6509-44b6-8657-0ef4e741fc45;Blah19;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 16.04.6 LTS (Xenial Xerus);general-purpose;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;;cpe:/o:canonical:ubuntu_linux:16.04:-:esm, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:curl, p-cpe:/a:canonical:ubuntu_linux:libcurl3, p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls, p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss, p-cpe:/a:canonical:ubuntu_linux:libcurl4, p-cpe:/a:canonical:ubuntu_linux:libcurl4-gnutls-dev, p-cpe:/a:canonical:ubuntu_linux:libcurl4-nss-dev, p-cpe:/a:canonical:ubuntu_linux:libcurl4-openssl-dev;CVE-2022-35252;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P;2.0;CVSS2#E:POC/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L;3.4;CVSS:3.0/E:P/RL:O/RC:C;;"The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5587-1 advisory. + + - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. + Effectively allowing asister site to deny service to all siblings. (CVE-2022-35252) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";AVAILABLE;FALSE;FALSE;Ubuntu Local Security Checks;2022-A-0350-S;;II;;164627;FALSE;FALSE;Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerability (USN-5587-1);2022-09-01T00:00:00Z;2022-09-01T00:00:00Z;2023-07-12T00:00:00Z;1.9;CVE=[CVE-2022-35252], IAVA=[2022-A-0350-S], USN=[5587-1];https://ubuntu.com/security/notices/USN-5587-1;Low;Update the affected packages.;II;The remote Ubuntu host is missing a security update.;LOCAL;FALSE;365;181;1.4;PROOF_OF_CONCEPT;VERY_HIGH;VERY_LOW;;;No recorded events;2.2;2022-09-01T00:00:00Z;2023-05-23T10:55:09.576Z;0250e198-c836-4c0b-88a0-e21ec72bc498;2023-07-12T11:01:34.587Z;"' + - Installed package : curl_7.47.0-1ubuntu2.19 + Fixed package : curl_7.47.0-1ubuntu2.19+esm5 + + - Installed package : libcurl3_7.47.0-1ubuntu2.19 + Fixed package : libcurl3_7.47.0-1ubuntu2.19+esm5 + + - Installed package : libcurl3-gnutls_7.47.0-1ubuntu2.19 + Fixed package : libcurl3-gnutls_7.47.0-1ubuntu2.19+esm5 + +";0;TCP;;NONE;0fdce5fe-18b9-4de3-9854-9a686f30fb43;Low;ACTIVE +6;Blah20;10.0.0.20;fe80:0:0:0:20d:3aff:fe28:6247;00:0d:3a:28:62:47;Blah20;625a7b3f-e8d8-4122-b395-dafeddec9826;Blah20;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 18.04.6 LTS (Bionic Beaver);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_CC"",""value"":""PP-Search""},{""category"":""Azure"",""value"":""Search - prod""},{""category"":""Azure_OU"",""value"":""SEARCH""},{""category"":""Office"",""value"":""Poland""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-06T12:13:58.904Z;02661104-11b4-4219-a061-776e141c1293;2023-07-12T12:02:28.694Z;"' +The following running daemon is not managed by dpkg : + +/usr/local/bin/consul +";0;TCP;;NONE;02c38dd7-09ce-43df-a5e2-6201badfb67b;Low;ACTIVE +379;Blah21;10.0.0.21;;;Blah21;9fb9e2d2-dcb5-434b-8cfe-cd3b543dcfd2;Blah21;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 2.6;unknown;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Network_Security"",""value"":""Assets""},{""category"":""Office"",""value"":""Pune""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;;;;;;"The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;71049;FALSE;FALSE;SSH Weak MAC Algorithms Enabled;;2013-11-22T00:00:00Z;2016-12-14T00:00:00Z;;;;Low;Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.;;The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-06-28T09:33:55.288Z;0275e78c-b263-42da-81b1-d2998fb411c0;2023-07-11T20:25:44.605Z;"' +The following client-to-server Message Authentication Code (MAC) algorithms +are supported : + + hmac-md5 + hmac-md5-96 + hmac-md5-96-etm@openssh.com + hmac-md5-etm@openssh.com + hmac-sha1-96 + hmac-sha1-96-etm@openssh.com + +The following server-to-client Message Authentication Code (MAC) algorithms +are supported : + + hmac-md5 + hmac-md5-96 + hmac-md5-96-etm@openssh.com + hmac-md5-etm@openssh.com + hmac-sha1-96 + hmac-sha1-96-etm@openssh.com +";22;TCP;;NONE;2e2616c4-73be-4a5f-8462-0363fd979993;Low;RESURFACED +27;Blah22;10.0.0.22;fe80:0:0:0:20d:3aff:fe2b:a431;00:0d:3a:2b:a4:31;Blah22;742e2435-9ff2-493d-8607-25b105115255;Blah22;;00000000-0000-0000-0000-000000000000;Default;Red Hat Enterprise Linux 8.2 (Ootpa);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""Artem.Zaitsev@tomtom.com;guido.blenk@tttttttnnnnnn.com},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure_CC"",""value"":""PP-Storage""},{""category"":""Azure"",""value"":""cit-storage-test""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-15T12:12:08.927Z;02787b99-ea66-4913-b4db-f0e039508a8f;2023-06-20T12:15:40.955Z;"' +The following running daemon is not managed by RPM : + +/opt/rapid7/ir_agent/components/insight_agent/3.3.2.35/ir_agent +";0;TCP;;NONE;f946d3ae-9614-441a-95ca-907d106c5f9d;Low;ACTIVE +380;Blah23;10.0.0.23;;;Blah23;c699741b-9dbc-4f3e-8095-439652dae194;Blah23;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 2.6;general-purpose;"[{""category"":""Office"",""value"":""Eindhoven""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-06-27T12:27:30.880Z;0289084b-33b3-4eae-a2f3-1080f44e8dde;2023-07-10T12:58:08.592Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group-exchange-sha1 + diffie-hellman-group1-sha1 +";22;TCP;;NONE;06f8d74d-94b0-4a80-b581-fc3c273cc695;Low;RESURFACED +5;Blah24;10.0.0.24;fe80:0:0:0:6245:bdff:fe9c:adfd;60:45:bd:9c:ad:fd;Blah24;3d37a1cf-9889-4967-b0df-9f49e09f577c;Blah24;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;Linux Kernel 3.10.0-1160.83.1.el7.x86_64 on CentOS Linux release 7.9.2009 (Core);general-purpose;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure"",""value"":""tti-delivery-perseus""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Platform""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-07T11:46:38.968Z;02cc2b57-0d08-468a-a2dc-8386400a6c1b;2023-07-07T11:46:38.968Z;"' +The following running daemon is not managed by RPM : + +/opt/prometheus/exporters/dist/node_exporter-1.3.1.linux-amd64/node_exporter +";0;TCP;;NONE;6e0311af-4093-426c-9b14-81d82e28e1ab;Low;NEW +4;Blah25;10.0.0.25;fe80:0:0:0:222:48ff:fe83:9b4c;00:22:48:83:9b:4c;Blah25;0e400b22-c66b-4789-bff3-fd6c9d81df98;Blah25;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.8 (Sapphire Caracal);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Platform""},{""category"":""Azure"",""value"":""tti-m2-prod""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-08T11:44:48.965Z;02eb8cfa-96b6-4d11-ad61-359a57c92c2c;2023-07-12T11:54:42.232Z;"' +The following running daemons are not managed by RPM : + +/opt/grok_exporter/grok_exporter +/opt/prometheus/exporters/dist/node_exporter-0.18.1.linux-amd64/node_exporter +/opt/prometheus/exporters/dist/prometheus_varnish_exporter-1.6.1.linux-amd64/prometheus_varnish_exporter +";0;TCP;;NONE;cb0fc0ca-e6eb-498e-9595-c41d6b82159c;Low;ACTIVE +14;Blah26;10.0.0.26;fe80:0:0:0:42:f7ff:feb2:30fa;00:0d:3a:46:5d:1d;Blah26;e78f2c8b-2338-49d0-b2fd-2b8f0e0e876e;Blah26;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 4.18.0-425.19.2.el8_7.x86_64 on AlmaLinux release 8.8 (Sapphire Caracal);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Owners"",""value"":""Joe.Dixon@tttttttnnnnnn.com},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure"",""value"":""Maps Big Data Platform""},{""category"":""Azure_CC"",""value"":""MAPS-Floating car Data""},{""category"":""Azure_OU"",""value"":""PU PLATFORM""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-28T11:47:31.697Z;030c4cc1-e61c-4548-8551-2bc75ad96d12;2023-07-12T12:00:05.658Z;"' +The following running daemon is not managed by RPM : + +/usr/local/bin/node_exporter +";0;TCP;;NONE;d71442ac-05f1-4d12-b0bb-d14e96aa22ff;Low;ACTIVE +379;Blah27;10.0.0.27;;;Blah27;9c060c3c-fbcc-49da-9d87-05e6e4320840;Blah27;;00000000-0000-0000-0000-000000000000;Default;Cisco Device;embedded;"[{""category"":""Network_Security"",""value"":""Assets""},{""category"":""Office"",""value"":""Sao Paulo""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;;;;;;"The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;71049;FALSE;FALSE;SSH Weak MAC Algorithms Enabled;;2013-11-22T00:00:00Z;2016-12-14T00:00:00Z;;;;Low;Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.;;The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-06-28T17:13:42.007Z;032e3367-a400-40ed-9029-5b1e2628a457;2023-07-11T18:27:26.306Z;"' +The following client-to-server Message Authentication Code (MAC) algorithms +are supported : + + hmac-sha1-96 + +The following server-to-client Message Authentication Code (MAC) algorithms +are supported : + + hmac-sha1-96 +";22;TCP;;NONE;854b5db4-6ffb-4621-bd7c-ff36568fb465;Low;ACTIVE +429;Blah28;10.0.0.28;;;Blah28;b2e6d9cf-3472-4388-8f75-133a6a8ff036;Blah28;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.1, Linux Kernel 3.2, Linux Kernel 3.3;general-purpose;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Office"",""value"":""Pune""}]";;;;;;;;;;;;;;;"At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. + +Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014. + +Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.";;FALSE;FALSE;General;;;;;69551;FALSE;FALSE;SSL Certificate Chain Contains RSA Keys Less Than 2048 bits;;2013-09-03T00:00:00Z;2018-11-15T00:00:00Z;1.4;;https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf;Low;Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.;;The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.;REMOTE;FALSE;;;;;;;;;;;;2022-05-09T11:26:01.822Z;03580742-8ad1-439c-abc6-0f6b89073a16;2023-07-11T21:28:06.423Z;"' +The following certificates were part of the certificate chain +sent by the remote host, but contain RSA keys that are considered +to be weak : + +|-Subject : C=NL/ST=Zuid-Holland/L=Gouda/O=Siqura/CN=037e95f2b6e1bcd0e82dcf83dd10966a/E=sales.nl@tkhsecurity.com +|-RSA Key Length : 1024 bits +";8443;TCP;;NONE;2e2616c4-73be-4a5f-8462-0363fd979993;Low;RESURFACED +233;Blah29;10.0.0.29;;00:c0:b7:4f:30:15;Blah29;d24e0c4e-bf14-4cbc-a5ed-6415ea085a93;Blah29;;00000000-0000-0000-0000-000000000000;Default;APC UPS Management Card;embedded;"[{""category"":""Office"",""value"":""Eindhoven""}]";;;1499;cpe:/a:microsoft:iis;CVE-2000-0649;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;2.0;CVSS2#E:POC/RL:OF/RC:C;3.1;CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N;2.8;CVSS:3.0/E:P/RL:O/RC:C;200;"This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. + +There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies, load balancers and through a variety of misconfigurations related to redirection.";AVAILABLE;FALSE;FALSE;Web Servers;;;;;10759;FALSE;FALSE;Web Server HTTP Header Internal IP Disclosure;;2001-09-14T00:00:00Z;2022-12-30T00:00:00Z;1.63;BUGTRAQ=[1499], CVE=[CVE-2000-0649], CWE=[200];http://www.nessus.org/u?fe24f941, http://www.nessus.org/u?4eedfe2d, http://www.nessus.org/u?8e23582e;Low;Apply configuration suggested by vendor.;;This web server leaks a private IP address through its HTTP headers.;REMOTE;FALSE;;731;1.4;PROOF_OF_CONCEPT;LOW;VERY_LOW;;;No recorded events;2.2;2000-07-13T00:00:00Z;2022-11-21T14:31:30.330Z;03623962-ff30-4613-8e23-1d3b5705f01d;2023-07-10T12:58:08.592Z;"' +Nessus was able to exploit the issue using the following request : + +GET / HTTP/1.0 +Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1 +Accept-Language: en +Connection: Close +User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) +Pragma: no-cache +Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* + + + + +This produced the following truncated output (limited to 10 lines) : +------------------------------ snip ------------------------------ +Location: http:///home.htm +Content-Length: 0 +WebServer: +X-RBT-SCAR: 10.70.254.12:1392385484:1000 + + +------------------------------ snip ------------------------------ +";80;TCP;;NONE;06f8d74d-94b0-4a80-b581-fc3c273cc695;Low;RESURFACED +368;Blah30;10.0.0.30;;;Blah30;61dcb782-503f-4f53-8b9c-ed04677ce831;Blah30;;00000000-0000-0000-0000-000000000000;Default;F5 Networks BIG-IP;load-balancer;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-07-10T00:26:58.483Z;0387704e-9db5-49a5-bca7-29f82a33fda1;2023-07-08T23:31:06.370Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group-exchange-sha1 +";22;TCP;;NONE;4e68d1bf-9631-41b9-b2f6-c6d6f294d6c0;Low;RESURFACED +256;Blah31;10.0.0.31;;02:42:4c:bc:f4:e0;Blah31;6fe1a5bf-6e10-47db-980a-736c3147c882;Blah31;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);general-purpose;"[{""category"":""Compute"",""value"":""compute-onprem""},{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-10-30T00:55:33.372Z;03962905-71a0-4c1b-acac-ed38fc9b9f8c;2023-07-08T23:42:25.583Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + blowfish-cbc + cast128-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + blowfish-cbc + cast128-cbc +";22;TCP;;NONE;4e68d1bf-9631-41b9-b2f6-c6d6f294d6c0;Low;RESURFACED +174;Blah32;10.0.0.32;fe80:0:0:0:c82f:287d:74eb:6a6c;00:15:5d:43:ac:03;Blah32;8a2f61cb-1036-4217-9f77-74193b63b798;Blah32;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows 10 Enterprise 10.0.19045;general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Windows""}]";;;;cpe:/a:oracle:vm_virtualbox;CVE-2023-21885;1.7;CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N;1.3;CVSS2#E:U/RL:OF/RC:C;3.8;CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N;3.3;CVSS:3.0/E:U/RL:O/RC:C;;"The version of VirtualBox installed on the remote host is prior to 6.1.42 or prior to 7.0.6. It is, therefore, affected by an improper authorization vulnerability as referenced in the Jan 2023 CPU advisory: + + - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Applies to Windows only. + (CVE-2023-21885) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Windows;2023-A-0045-S;;I;;170137;FALSE;FALSE;Oracle VM VirtualBox Improper Authorization Windows (Jan 2023 CPU);2023-01-17T00:00:00Z;2023-01-18T00:00:00Z;2023-04-20T00:00:00Z;1.3;CVE=[CVE-2023-21885], IAVA=[2023-A-0045-S];https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml, https://www.oracle.com/security-alerts/cpujan2023.html;Low;Apply the appropriate patch according to the Jan 2023 Oracle Critical Patch Update advisory.;I;The remote host is affected by an improper authorization vulnerability;LOCAL;FALSE;180;61;1.4;UNPROVEN;LOW;VERY_LOW;;;No recorded events;1.6;2023-01-17T00:00:00Z;2023-01-20T05:18:28.312Z;039931fa-d350-4548-a9f8-620790404715;2023-06-30T04:32:07.845Z;"' + Path : C:\Program Files\Oracle\VirtualBox\ + Installed version : 6.1.36.152435 + Fixed version : 6.1.42 +";445;TCP;;NONE;05ca3ea9-9219-48f4-99e4-e0617d91436a;Low;RESURFACED +133;Blah33;10.0.0.33;2003:f1:c72e:3600:2669:d0fe:b9c7:c9be;02:42:40:38:ff:d5;Blah33;a1be8aa5-65e9-4d00-993a-3bde60944168;Blah33;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 18.04.6 LTS (Bionic Beaver);general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Linux""}]";;;;cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-demo, p-cpe:/a:canonical:ubuntu_linux:openjdk-11-source, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-demo, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jdk, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jdk-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jre, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jre-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-jre-zero, p-cpe:/a:canonical:ubuntu_linux:openjdk-17-source, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.10, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-demo, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jdk, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jdk-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jre, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jre-headless, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-jre-zero, p-cpe:/a:canonical:ubuntu_linux:openjdk-19-source;CVE-2023-21835, CVE-2023-21843;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;;"The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5897-1 advisory. + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; + Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21835) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21843) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Ubuntu Local Security Checks;;;;;171969;FALSE;FALSE;Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 : OpenJDK vulnerabilities (USN-5897-1);2023-02-28T00:00:00Z;2023-02-28T00:00:00Z;2023-02-28T00:00:00Z;1.0;CVE=[CVE-2023-21835, CVE-2023-21843], USN=[5897-1];https://ubuntu.com/security/notices/USN-5897-1;Low;Update the affected packages.;;The remote Ubuntu host is missing one or more security updates.;LOCAL;FALSE;180;61;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2023-01-17T00:00:00Z;2023-03-01T08:45:46.777Z;03db6a06-9f53-4829-8fe1-b79ad27fc934;2023-07-13T07:12:41.339Z;"' + - Installed package : openjdk-11-jdk_11.0.16+8-0ubuntu1~18.04 + Fixed package : openjdk-11-jdk_11.0.18+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-11-jdk-headless_11.0.16+8-0ubuntu1~18.04 + Fixed package : openjdk-11-jdk-headless_11.0.18+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-11-jre_11.0.16+8-0ubuntu1~18.04 + Fixed package : openjdk-11-jre_11.0.18+10-0ubuntu1~18.04.1 + + - Installed package : openjdk-11-jre-headless_11.0.16+8-0ubuntu1~18.04 + Fixed package : openjdk-11-jre-headless_11.0.18+10-0ubuntu1~18.04.1 + +";0;TCP;;NONE;18ce976c-e315-475e-90a7-54f3234823d0;Low;ACTIVE +20;Blah34;10.0.0.34;fe80:0:0:0:6245:bdff:fe97:f04b;60:45:bd:97:f0:4b;Blah34;5996aa19-f5d5-46d3-82bc-a94007098315;Blah34;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.10.0-1160.88.1.el7.x86_64 on CentOS Linux release 7.9.2009 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure"",""value"":""tti-lt-dev""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-22T15:03:15.638Z;03e10d91-b0ea-4a94-bd88-8c1bae115891;2023-07-12T12:10:19.679Z;"' +The following running daemon is not managed by RPM : + +/usr/local/bin/node_exporter +";0;TCP;;NONE;18f99379-95e6-4c04-988d-b3e9a82519c8;Low;ACTIVE +7;Blah35;10.0.0.35;fe80:0:0:0:20d:3aff:fea8:d436;00:0d:3a:a8:d4:36;Blah35;54f1844f-e329-4e48-b885-51d4611c5f3d;Blah35;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.10.0-1160.21.1.el7.x86_64 on CentOS Linux release 7.9.2009 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure_CC"",""value"":""PP-Compute""},{""category"":""Azure"",""value"":""cit-compute-prod""}]";;;;p-cpe:/a:centos:centos:java-1.8.0-openjdk, p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility, p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-1.8.0-openjdk-src, cpe:/o:centos:centos:7;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7002 advisory. + + - OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) + + - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) + + - OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) + + - OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;166552;FALSE;FALSE;CentOS 7 : java-1.8.0-openjdk (CESA-2022:7002);2022-10-26T00:00:00Z;2022-10-26T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770], RHSA=[2022:7002];http://www.nessus.org/u?0ce1bb6f;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-07-05T11:48:26.285Z;03f30e54-e10c-49fd-a7f7-69c7ca90ab01;2023-07-12T11:52:50.102Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.282.b08-1.el7_9 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.282.b08-1.el7_9 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9 + +";0;TCP;;NONE;89f12141-a26e-474c-a587-8d1d948c3abe;Low;ACTIVE +319;Blah36;10.0.0.36;;;Blah36;5cf805a5-8101-44a0-b4eb-610332ba1067;Blah36;;00000000-0000-0000-0000-000000000000;Default;Dell iDRAC;embedded;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;;;;;;;;;;;;;"At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. + +Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014. + +Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.";;FALSE;FALSE;General;;;;;69551;FALSE;FALSE;SSL Certificate Chain Contains RSA Keys Less Than 2048 bits;;2013-09-03T00:00:00Z;2018-11-15T00:00:00Z;1.4;;https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf;Low;Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.;;The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.;REMOTE;FALSE;;;;;;;;;;;;2022-08-28T00:50:18.493Z;03fd045e-47a2-48ca-8024-91f72dd08225;2023-07-09T00:11:49.137Z;"' +The following certificates were part of the certificate chain +sent by the remote host, but contain RSA keys that are considered +to be weak : + +|-Subject : C=US/ST=Texas/L=Round Rock/O=Dell Inc./OU=Remote Access Group/CN=iDRAC7 default certificate +|-RSA Key Length : 1024 bits +";5900;TCP;;NONE;4e68d1bf-9631-41b9-b2f6-c6d6f294d6c0;Low;RESURFACED +6;Blah37;10.0.0.37;fe80:0:0:0:20d:3aff:fe22:9db9;00:0d:3a:22:9d:b9;Blah37;0397402b-79e0-439f-bbbd-a0aa9eaa4d11;Blah37;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-06T12:09:00.696Z;041750c8-d0e7-44ec-9cda-2d1b4a068cf7;2023-07-12T12:00:51.788Z;"' +The following running daemons are not managed by RPM : + +/opt/consul-agent_exporter/consul-agent_exporter +/opt/consul/consul_1.15.3 +/opt/node_exporter/node_exporter +/opt/traefik/traefik +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +5;Blah38;10.0.0.38;fe80:0:0:0:20d:3aff:feaa:b954;00:0d:3a:aa:b9:54;Blah38;9e7d7df7-b91e-4f12-a490-8176718cdb2f;Blah38;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-07T12:08:43.751Z;042e2992-1fa1-4634-830e-67a840f86db5;2023-07-10T11:44:47.335Z;"' +The following running daemons are not managed by RPM : + +/opt/consul-agent_exporter/consul-agent_exporter +/opt/consul/consul_1.15.3 +/opt/node_exporter/node_exporter +/opt/traefik/traefik +";0;TCP;;NONE;1a29b888-7c81-49dc-b173-691f352addb7;Low;ACTIVE +54;Blah39;10.0.0.39;fe80:0:0:0:6245:bdff:fef3:2104;60:45:bd:f3:21:04;Blah39;bf37984b-c711-4fd8-89a4-98ce473ceef2;Blah39;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Owners"",""value"":""hans.vanleijen@tttttttnnnnnn.com},{""category"":""Azure"",""value"":""CIT-DSP-Test""},{""category"":""Azure_CC"",""value"":""PP-Device Service Platform""}]";;;;p-cpe:/a:centos:centos:java-1.8.0-openjdk, p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility, p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-1.8.0-openjdk-src, cpe:/o:centos:centos:7;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7002 advisory. + + - OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) + + - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) + + - OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) + + - OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;166552;FALSE;FALSE;CentOS 7 : java-1.8.0-openjdk (CESA-2022:7002);2022-10-26T00:00:00Z;2022-10-26T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770], RHSA=[2022:7002];http://www.nessus.org/u?0ce1bb6f;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-05-19T12:24:14.966Z;04340d8a-e2c4-486d-a799-742be92c29aa;2023-06-13T11:44:51.877Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9 + +";0;TCP;;NONE;e13d742c-1d55-4222-bf5c-f96130a88f51;Low;ACTIVE +429;Blah40;10.0.0.40;;;Blah40;db901594-5627-4f93-a5ed-34c8610c9274;Blah40;;00000000-0000-0000-0000-000000000000;Default;Cisco IOS XE, CISCO IOS;router;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Office"",""value"":""Pune""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;;;;;;"The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;71049;FALSE;FALSE;SSH Weak MAC Algorithms Enabled;;2013-11-22T00:00:00Z;2016-12-14T00:00:00Z;;;;Low;Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.;;The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-05-09T09:16:58.224Z;0436af7b-88b9-4ec0-865d-b440dfce3a73;2023-07-11T19:42:24.202Z;"' +The following client-to-server Message Authentication Code (MAC) algorithms +are supported : + + hmac-sha1-96 + +The following server-to-client Message Authentication Code (MAC) algorithms +are supported : + + hmac-sha1-96 +";22;TCP;;NONE;2e2616c4-73be-4a5f-8462-0363fd979993;Low;RESURFACED +319;Blah41;10.0.0.41;;;Blah41;5cf805a5-8101-44a0-b4eb-610332ba1067;Blah41;;00000000-0000-0000-0000-000000000000;Default;Dell iDRAC;embedded;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;;;;;;;;;;;;;"At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. + +Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014. + +Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.";;FALSE;FALSE;General;;;;;69551;FALSE;FALSE;SSL Certificate Chain Contains RSA Keys Less Than 2048 bits;;2013-09-03T00:00:00Z;2018-11-15T00:00:00Z;1.4;;https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf;Low;Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.;;The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.;REMOTE;FALSE;;;;;;;;;;;;2022-08-28T00:50:18.493Z;043fc864-3724-41d6-8065-827e9482d80f;2023-07-09T00:11:49.137Z;"' +The following certificates were part of the certificate chain +sent by the remote host, but contain RSA keys that are considered +to be weak : + +|-Subject : C=US/ST=Texas/L=Round Rock/O=Dell Inc./OU=Remote Access Group/CN=iDRAC7 default certificate +|-RSA Key Length : 1024 bits +";443;TCP;;NONE;4e68d1bf-9631-41b9-b2f6-c6d6f294d6c0;Low;RESURFACED +9;Blah42;10.0.0.42;fe80:0:0:0:bc4c:9116:a935:1734;00:0d:3a:2c:fc:f3;Blah42;90d914b9-d450-456d-993b-f35a64155918;Blah42;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows 10 Enterprise for Virtual Desktops 10.0.19045;azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Endpoints"",""value"":""all""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""piotr.fusniak@tttttttnnnnnn.com},{""category"":""Endpoints"",""value"":""Windows""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure_CC"",""value"":""PP-DW Technology""},{""category"":""Azure"",""value"":""empit-virtual-desktop""}]";;;;cpe:/a:microsoft:snip_and_sketch;CVE-2023-28303;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;;"An information disclosure vulnerability exists in Windows Snip & Sketch (Windows 10) and Snipping Tool (Windows 11) where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the cropped image file. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Windows;;;;;177217;FALSE;FALSE;Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse);2023-03-24T00:00:00Z;2023-06-13T00:00:00Z;2023-06-14T00:00:00Z;1.1;CVE=[CVE-2023-28303];http://www.nessus.org/u?ad297874;Low;Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later.;;The remote web server hosts an application that is affected by an information disclosure vulnerability.;REMOTE;FALSE;30;8;1.4;UNPROVEN;LOW;VERY_LOW;120;31;No recorded events;2.2;2023-03-24T00:00:00Z;2023-07-03T23:44:46.929Z;0457de30-917d-447b-b6a1-dbe6c74877c9;2023-07-03T23:44:46.929Z;"' + Path : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.2277.0_x64__8wekyb3d8bbwe + Installed version : 10.2008.2277.0 + Fixed version : 10.2008.3001.0 +";0;TCP;;NONE;9dee433c-e3c3-4a90-80b8-fadb4262db54;Low;NEW +284;Blah43;10.0.0.43;;;Blah43;8deb2805-2066-4bd1-8f70-bee04c0fe099;Blah43;;00000000-0000-0000-0000-000000000000;Default;F5 Networks BIG-IP;load-balancer;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-10-02T00:56:55.396Z;0468f640-e6f3-4f64-af49-edbf44f17895;2023-06-25T00:36:07.814Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group-exchange-sha1 +";22;TCP;;NONE;ea5641d6-d304-4ca4-8226-2d2776bbb6f8;Low;RESURFACED +270;Blah44;10.0.0.44;;;Blah44;c87eae4c-6ab4-4d9e-83b1-8e7e4a4fdb78;Blah44;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows Server 2012 R2;unknown;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-10-16T04:06:22.335Z;047f0b7e-56d2-47ff-a539-9294cca7c122;2023-07-09T00:09:46.921Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes256-cbc +";22;TCP;;NONE;4e68d1bf-9631-41b9-b2f6-c6d6f294d6c0;Low;RESURFACED +26;Blah45;10.0.0.45;;00:0c:29:b2:f3:b0;Blah45;452fddb4-0900-4cda-acc2-3d42ce5feb99;Blah45;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows Server 2019 Standard 10.0.17763;general-purpose;"[{""category"":""Office"",""value"":""Lebanon""}]";;;;cpe:/a:vmware:tools;CVE-2023-20867;2.3;CVSS2#AV:L/AC:H/Au:M/C:P/I:P/A:N;1.9;CVSS2#E:F/RL:OF/RC:C;3.9;CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N;3.6;CVSS:3.0/E:F/RL:O/RC:C;;"The version of VMware Tools installed on the remote Windows host is affected by an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";AVAILABLE;FALSE;FALSE;Windows;2023-A-0288;;III;;177328;FALSE;FALSE;VMware Tools 10.3.x / 11.x / 12.x < 12.2.5 Authentication Bypass (VMSA-2023-0013);2023-06-13T00:00:00Z;2023-06-14T00:00:00Z;2023-06-23T00:00:00Z;1.4;CISA-KNOWN-EXPLOITED=[2023/07/14], CVE=[CVE-2023-20867], IAVA=[2023-A-0288], VMSA=[2023-0013];https://www.vmware.com/security/advisories/VMSA-2023-0013.html;Low;Upgrade to VMware Tools version 12.2.5 or later.;III;The virtualization tool suite is installed on the remote Windows host is affected by an authentication bypass vulnerability.;LOCAL;FALSE;30;8;2.7;FUNCTIONAL;LOW;HIGH;30;8;Social Media;5.7;2023-06-13T00:00:00Z;2023-06-16T11:02:06.654Z;048dfdd8-46fc-4c82-9206-5968c0365b80;2023-07-12T10:47:02.895Z;"' + Path : C:\Program Files\VMware\VMware Tools\ + Installed version : 12.2.0.41219 + Fixed version : 12.2.5 +";445;TCP;;NONE;0fdce5fe-18b9-4de3-9854-9a686f30fb43;Low;ACTIVE +372;Blah46;10.0.0.46;;;Blah46;de825088-4169-47da-be40-761560af616b;Blah46;;00000000-0000-0000-0000-000000000000;Default;FortiOS on Fortinet FortiGate;firewall;"[{""category"":""Office"",""value"":""Amsterdam DRK""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-07-05T11:58:12.454Z;04ade7dd-9ad0-49cf-b95c-520f0e5562e8;2023-07-13T07:40:38.695Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc +";22;TCP;;NONE;2872c1b5-9cc5-4636-be62-8bb5fc02cf7e;Low;RESURFACED +50;Blah47;10.0.0.47;fe80:0:0:0:42:7cff:fea4:a7cc;02:42:7c:a4:a7:cc;Blah47;21ef634a-0764-4cf1-98f4-7d16e58d7245;Blah47;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 16.04.6 LTS (Xenial Xerus);general-purpose;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;;cpe:/o:canonical:ubuntu_linux:16.04:-:lts, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.10, p-cpe:/a:canonical:ubuntu_linux:python-apt, p-cpe:/a:canonical:ubuntu_linux:python-apt-common, p-cpe:/a:canonical:ubuntu_linux:python-apt-dev, p-cpe:/a:canonical:ubuntu_linux:python3-apt;CVE-2020-27351;2.1;CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P;1.6;CVSS2#E:U/RL:OF/RC:C;2.8;CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L;2.5;CVSS:3.0/E:U/RL:O/RC:C;;The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4668-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.;NOT_AVAILABLE;FALSE;FALSE;Ubuntu Local Security Checks;;;;;144015;FALSE;FALSE;Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : python-apt vulnerability (USN-4668-1);2020-12-09T00:00:00Z;2020-12-09T00:00:00Z;2023-01-17T00:00:00Z;1.5;CVE=[CVE-2020-27351], USN=[4668-1];https://ubuntu.com/security/notices/USN-4668-1;Low;Update the affected packages.;;The remote Ubuntu host is missing a security update.;LOCAL;FALSE;;731;1.4;UNPROVEN;LOW;VERY_LOW;;;No recorded events;1.4;2020-12-09T00:00:00Z;2023-05-23T10:51:12.768Z;04b26e3d-f7f2-4ca5-8310-cf18da111458;2023-07-12T11:02:00.981Z;"' + - Installed package : python-apt_1.1.0~beta1ubuntu0.16.04.8 + Fixed package : python-apt_1.1.0~beta1ubuntu0.16.04.10 + + - Installed package : python-apt-common_1.1.0~beta1ubuntu0.16.04.5 + Fixed package : python-apt-common_1.1.0~beta1ubuntu0.16.04.10 + + - Installed package : python3-apt_1.1.0~beta1ubuntu0.16.04.5 + Fixed package : python3-apt_1.1.0~beta1ubuntu0.16.04.10 + +";0;TCP;;NONE;0fdce5fe-18b9-4de3-9854-9a686f30fb43;Low;ACTIVE +6;Blah48;10.0.0.48;fe80:0:0:0:6245:bdff:fe93:afda;60:45:bd:93:af:da;Blah48;5a1c535b-a4a0-4983-876d-e044db3c835d;Blah48;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 5.4.0-1063-azure on Ubuntu 18.04;azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""Lukasz.Maslowski@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""SEARCH""},{""category"":""Azure_CC"",""value"":""PP-Search""},{""category"":""Office"",""value"":""Poland""},{""category"":""Azure"",""value"":""Search - prod - Geocode""}]";;;;cpe:/o:canonical:ubuntu_linux:16.04:-:esm, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:curl, p-cpe:/a:canonical:ubuntu_linux:libcurl3, p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls, p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss, p-cpe:/a:canonical:ubuntu_linux:libcurl4, p-cpe:/a:canonical:ubuntu_linux:libcurl4-gnutls-dev, p-cpe:/a:canonical:ubuntu_linux:libcurl4-nss-dev, p-cpe:/a:canonical:ubuntu_linux:libcurl4-openssl-dev;CVE-2022-35252;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P;2.0;CVSS2#E:POC/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L;3.4;CVSS:3.0/E:P/RL:O/RC:C;;"The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5587-1 advisory. + + - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. + Effectively allowing asister site to deny service to all siblings. (CVE-2022-35252) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";AVAILABLE;FALSE;FALSE;Ubuntu Local Security Checks;2022-A-0350-S;;II;;164627;FALSE;FALSE;Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerability (USN-5587-1);2022-09-01T00:00:00Z;2022-09-01T00:00:00Z;2023-07-12T00:00:00Z;1.9;CVE=[CVE-2022-35252], IAVA=[2022-A-0350-S], USN=[5587-1];https://ubuntu.com/security/notices/USN-5587-1;Low;Update the affected packages.;II;The remote Ubuntu host is missing a security update.;LOCAL;FALSE;365;181;1.4;PROOF_OF_CONCEPT;VERY_HIGH;VERY_LOW;;;No recorded events;2.2;2022-09-01T00:00:00Z;2023-07-06T11:45:04.773Z;04b45478-ff23-4e90-a0fe-194eedff7b47;2023-07-12T11:55:39.574Z;"' + - Installed package : curl_7.58.0-2ubuntu3.18 + Fixed package : curl_7.58.0-2ubuntu3.20 + + - Installed package : libcurl3-gnutls_7.58.0-2ubuntu3.18 + Fixed package : libcurl3-gnutls_7.58.0-2ubuntu3.20 + + - Installed package : libcurl4_7.58.0-2ubuntu3.18 + Fixed package : libcurl4_7.58.0-2ubuntu3.20 + +";0;TCP;;NONE;a4838595-ade3-4175-b602-7ab22df4e644;Low;ACTIVE +27;Blah49;10.0.0.49;fe80:0:0:0:fdd4:4efd:a224:c05c;00:15:5d:e4:d4:d8;Blah49;3889aaae-738d-41ca-a893-1437d6ccafbd;Blah49;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows 11 Pro 10.0.22621;general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Windows""}]";;;;cpe:/a:microsoft:snip_and_sketch;CVE-2023-28303;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;;"An information disclosure vulnerability exists in Windows Snip & Sketch (Windows 10) and Snipping Tool (Windows 11) where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the cropped image file. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Windows;;;;;177217;FALSE;FALSE;Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse);2023-03-24T00:00:00Z;2023-06-13T00:00:00Z;2023-06-14T00:00:00Z;1.1;CVE=[CVE-2023-28303];http://www.nessus.org/u?ad297874;Low;Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later.;;The remote web server hosts an application that is affected by an information disclosure vulnerability.;REMOTE;FALSE;30;8;1.4;UNPROVEN;LOW;VERY_LOW;120;31;No recorded events;2.2;2023-03-24T00:00:00Z;2023-06-15T09:38:22.817Z;04bb2c06-e583-4f01-844b-6f929d515b75;2023-06-15T09:38:22.817Z;"' + Path : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.3001.0_x64__8wekyb3d8bbwe + Installed version : 10.2008.3001.0 + Fixed version : 11.2302.20.0 +";0;TCP;;NONE;05c22ba4-5c7f-429b-9e39-f2050c85e795;Low;NEW +201;Blah50;10.0.0.50;2a02:a448:5a58:1:e552:c721:7246:543f;02:42:64:9f:68:9d;Blah50;8d1f9086-9cfa-40de-a1b0-c9979fc67922;Blah50;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 20.04.6 LTS (Focal Fossa);general-purpose;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""},{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Linux""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2022-12-23T10:04:26.835Z;04d8e677-c6b5-450f-90d1-416c0ab49afb;2023-07-13T06:53:06.604Z;"' +The following running daemon is not managed by dpkg : + +/snap/teams-insiders/10/usr/share/teams-insiders/teams-insiders +";0;TCP;;NONE;18ce976c-e315-475e-90a7-54f3234823d0;Low;RESURFACED +368;Blah51;10.0.0.51;;;Blah51;100c88f1-22f2-4591-879c-28fe25af907f;Blah51;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 2.6;general-purpose;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-07-09T23:42:54.423Z;04ed5f82-9d3b-4559-bc02-67c7fd023989;2023-07-08T23:42:25.583Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + aes128-cbc + aes192-cbc + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + aes128-cbc + aes192-cbc + aes256-cbc +";22;TCP;;NONE;4e68d1bf-9631-41b9-b2f6-c6d6f294d6c0;Low;RESURFACED +502;Blah52;10.0.0.52;;20:47:47:e9:a0:60;Blah52;6ca883c0-0a5c-489f-a9b5-80afa1a3801e;Blah52;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows 10 Enterprise Build 19045;general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Windows""},{""category"":""Office"",""value"":""Gent""}]";;;74733;cpe:/a:openssl:openssl;CVE-2015-4000;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;;The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.;NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;83875;TRUE;FALSE;SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam);;2015-05-28T00:00:00Z;2022-12-05T00:00:00Z;1.4;BUGTRAQ=[74733], CVE=[CVE-2015-4000];https://weakdh.org/;Low;Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.;;The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.;REMOTE;FALSE;;731;1.4;UNPROVEN;VERY_HIGH;VERY_LOW;;;No recorded events;4.5;2015-05-20T00:00:00Z;2022-02-25T20:51:30.786Z;05220468-1500-453e-8341-5901171e620d;2023-07-12T17:49:56.249Z;"' +Vulnerable connection combinations : + + SSL/TLS version : TLSv1.0 + Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.0 + Cipher suite : TLS1_CK_DHE_RSA_WITH_SEED_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.0 + Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.0 + Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.0 + Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.1 + Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.1 + Cipher suite : TLS1_CK_DHE_RSA_WITH_SEED_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.1 + Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.1 + Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) + + SSL/TLS version : TLSv1.1 + Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA + Diffie-Hellman MODP size (bits) : 1024 + Warning - This is a known static Oakley Group2 modulus. This may make + the remote host more vulnerable to the Logjam attack. + Logjam attack difficulty : Hard (would require nation-state resources) +";443;TCP;;NONE;8ec25ec0-bb5e-4867-9c24-3a990cde8c00;Low;RESURFACED +429;Blah53;10.0.0.53;;;Blah53;e4963f4e-cfd0-4660-aa94-dd583f2e132c;Blah53;;00000000-0000-0000-0000-000000000000;Default;CISCO IOS 12, CISCO PIX, Cisco IOS XE, CISCO IOS 15;router;"[{""category"":""Office"",""value"":""Eindhoven""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-05-09T10:18:02.236Z;052fd512-fe81-4e47-b8cf-cca0beeddc3e;2023-07-10T11:38:40.994Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group-exchange-sha1 +";22;TCP;;NONE;06f8d74d-94b0-4a80-b581-fc3c273cc695;Low;RESURFACED +19;Blah54;10.0.0.54;fe80:0:0:0:20d:3aff:fe4a:382;00:0d:3a:4a:03:82;Blah54;7ff1afe0-90fc-41bb-908f-d69a59e3fc33;Blah54;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_OU"",""value"":""PU Delivery""},{""category"":""Azure_CC"",""value"":""MAPS-PU Delivery""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""nds-prod""}]";;;;p-cpe:/a:centos:centos:glibc, p-cpe:/a:centos:centos:glibc-common, p-cpe:/a:centos:centos:glibc-devel, p-cpe:/a:centos:centos:glibc-headers, p-cpe:/a:centos:centos:glibc-static, p-cpe:/a:centos:centos:glibc-utils, p-cpe:/a:centos:centos:nscd, cpe:/o:centos:centos:7;CVE-2019-19126;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;20;"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:3861 advisory. + + - glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;141625;FALSE;FALSE;CentOS 7 : glibc (CESA-2020:3861);2020-10-20T00:00:00Z;2020-10-20T00:00:00Z;2020-11-30T00:00:00Z;1.4;CVE=[CVE-2019-19126], CWE=[20], RHSA=[2020:3861];http://www.nessus.org/u?a3ca8c1b, https://cwe.mitre.org/data/definitions/20.html;Low;Update the affected packages.;;The remote CentOS Linux host is missing a security update.;LOCAL;FALSE;;731;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2019-11-19T00:00:00Z;2023-06-23T12:14:13.279Z;0548492d-426a-45dd-9f64-d69d7954c964;2023-07-12T11:53:13.882Z;"' +Remote package installed : glibc-2.17-292.el7 +Should be : glibc-2.17-317.el7 + +Remote package installed : glibc-common-2.17-292.el7 +Should be : glibc-common-2.17-317.el7 + +Remote package installed : glibc-devel-2.17-292.el7 +Should be : glibc-devel-2.17-317.el7 + +Remote package installed : glibc-headers-2.17-292.el7 +Should be : glibc-headers-2.17-317.el7 + + +NOTE: The security advisory associated with this vulnerability has a +fixed package version that may only be available in the continuous +release (CR) repository for CentOS, until it is present in the next +point release of CentOS. + +If an equal or higher package level does not exist in the baseline +repository for your major version of CentOS, then updates from the CR +repository will need to be applied in order to address the +vulnerability. +";0;TCP;;NONE;369a932f-8141-42ac-85cc-645634caebf6;Low;ACTIVE +26;Blah55;10.0.0.55;fe80:0:0:0:20d:3aff:fe47:f76d;00:0d:3a:47:f7:6d;Blah55;b0275989-0303-4452-8856-bcb0630cc829;Blah55;;00000000-0000-0000-0000-000000000000;Default;AlmaLinux 8.8 (Sapphire Caracal);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Owners"",""value"":""Joe.Dixon@tttttttnnnnnn.com},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure"",""value"":""Maps Big Data Platform""},{""category"":""Azure_CC"",""value"":""MAPS-Floating car Data""},{""category"":""Azure_OU"",""value"":""PU PLATFORM""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-16T11:54:53.373Z;054ee239-e0c1-46fe-8523-b91568e77289;2023-07-12T11:44:29.551Z;"' +The following running daemon is not managed by RPM : + +/usr/local/bin/node_exporter +";0;TCP;;NONE;d71442ac-05f1-4d12-b0bb-d14e96aa22ff;Low;ACTIVE +6;Blah56;10.0.0.56;fe80:0:0:0:20d:3aff:fe21:2057;00:0d:3a:21:20:57;Blah56;9a761f91-927d-416a-a788-a2cce2343496;Blah56;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;p-cpe:/a:alma:linux:java-17-openjdk, p-cpe:/a:alma:linux:java-17-openjdk-demo, p-cpe:/a:alma:linux:java-17-openjdk-demo-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-demo-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-devel, p-cpe:/a:alma:linux:java-17-openjdk-devel-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-devel-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-headless, p-cpe:/a:alma:linux:java-17-openjdk-headless-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-headless-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-javadoc, p-cpe:/a:alma:linux:java-17-openjdk-javadoc-zip, p-cpe:/a:alma:linux:java-17-openjdk-jmods, p-cpe:/a:alma:linux:java-17-openjdk-jmods-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-jmods-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-src, p-cpe:/a:alma:linux:java-17-openjdk-src-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-src-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-static-libs, p-cpe:/a:alma:linux:java-17-openjdk-static-libs-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-static-libs-slowdebug, cpe:/o:alma:linux:8, cpe:/o:alma:linux:8::appstream, cpe:/o:alma:linux:8::powertools;CVE-2023-21835, CVE-2023-21843;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;400, 646;"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0192 advisory. + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; + Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21835) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21843) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Alma Linux Local Security Checks;2023-A-0042;;I;;170147;FALSE;FALSE;AlmaLinux 8 : java-17-openjdk (ALSA-2023:0192);2023-01-18T00:00:00Z;2023-01-18T00:00:00Z;2023-01-20T00:00:00Z;1.1;CVE=[CVE-2023-21835, CVE-2023-21843], CWE=[400, 646], IAVA=[2023-A-0042];https://errata.almalinux.org/8/ALSA-2023-0192.html;Low;Update the affected packages.;I;The remote AlmaLinux host is missing one or more security updates.;LOCAL;FALSE;180;61;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2023-01-17T00:00:00Z;2023-07-06T12:05:59.392Z;054f0111-123d-455b-8364-16991d12b57f;2023-07-12T11:40:07.180Z;"' +Remote package installed : java-17-openjdk-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-17.0.6.0.10-3.el8_7 + +Remote package installed : java-17-openjdk-devel-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-devel-17.0.6.0.10-3.el8_7 + +Remote package installed : java-17-openjdk-headless-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-headless-17.0.6.0.10-3.el8_7 + +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +6;Blah57;10.0.0.57;fe80:0:0:0:20d:3aff:fea8:21e;00:0d:3a:a8:02:1e;Blah57;27e91cbb-5a5d-4483-8937-c4385b81a2f3;Blah57;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;p-cpe:/a:centos:centos:glibc, p-cpe:/a:centos:centos:glibc-common, p-cpe:/a:centos:centos:glibc-devel, p-cpe:/a:centos:centos:glibc-headers, p-cpe:/a:centos:centos:glibc-static, p-cpe:/a:centos:centos:glibc-utils, p-cpe:/a:centos:centos:nscd, cpe:/o:centos:centos:7;CVE-2019-19126;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;20;"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:3861 advisory. + + - glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;141625;FALSE;FALSE;CentOS 7 : glibc (CESA-2020:3861);2020-10-20T00:00:00Z;2020-10-20T00:00:00Z;2020-11-30T00:00:00Z;1.4;CVE=[CVE-2019-19126], CWE=[20], RHSA=[2020:3861];http://www.nessus.org/u?a3ca8c1b, https://cwe.mitre.org/data/definitions/20.html;Low;Update the affected packages.;;The remote CentOS Linux host is missing a security update.;LOCAL;FALSE;;731;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2019-11-19T00:00:00Z;2023-07-06T12:03:24.991Z;05519253-441b-40ce-a6d6-a991c68f4fdc;2023-07-12T11:35:03.920Z;"' +Remote package installed : glibc-2.17-292.el7 +Should be : glibc-2.17-317.el7 + +Remote package installed : glibc-common-2.17-292.el7 +Should be : glibc-common-2.17-317.el7 + + +NOTE: The security advisory associated with this vulnerability has a +fixed package version that may only be available in the continuous +release (CR) repository for CentOS, until it is present in the next +point release of CentOS. + +If an equal or higher package level does not exist in the baseline +repository for your major version of CentOS, then updates from the CR +repository will need to be applied in order to address the +vulnerability. +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +295;Blah58;10.0.0.58;;3c:58:c2:fe:f5:ce;Blah58;8ab4ece3-48f6-477c-a4d7-d24ecdda2f06;Blah58;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows 10 Enterprise Build 19045;general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Windows""}]";;;;cpe:/a:apache:tomcat;CVE-2021-43980;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;;"The version of Apache Tomcat installed on the remote host is 8.x prior to 8.5.78. + + - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. (CVE-2021-43980)";NOT_AVAILABLE;FALSE;FALSE;Web Servers;;;;;159462;FALSE;FALSE;Apache Tomcat 8.x < 8.5.78 Spring4Shell (CVE-2022-22965) Mitigations;2022-04-01T00:00:00Z;2022-04-01T00:00:00Z;2023-03-21T00:00:00Z;1.4;CVE=[CVE-2021-43980];http://www.nessus.org/u?c41b6749, http://www.nessus.org/u?72f4365d;Low;Upgrade to Apache Tomcat version 8.5.78 or later.;;The remote Apache Tomcat server is affected by a vulnerability;COMBINED;FALSE;365;181;1.4;UNPROVEN;LOW;VERY_LOW;;;No recorded events;2.2;2022-04-01T00:00:00Z;2022-09-20T09:05:51.276Z;055bbd43-3fd0-4f8d-a14e-67695d491e84;2023-07-13T08:01:08.751Z;"' + Path : C:\Program Files\Apache Software Foundation\Tomcat 8.0\ + Installed version : 8.0.36 + Fixed version : 8.5.78 +";0;TCP;;NONE;41b41fd5-99f1-4050-833f-1e3aaec58b9f;Low;ACTIVE +14;Blah59;10.0.0.59;fe80:0:0:0:20d:3aff:fe26:70ec;00:0d:3a:26:70:ec;Blah59;26db9194-3a11-46de-96b8-a4113a8ebb4d;Blah59;;00000000-0000-0000-0000-000000000000;Default;AlmaLinux 8.8 (Sapphire Caracal);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""Joe.Dixon@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""PU PLATFORM""},{""category"":""Azure_CC"",""value"":""MAPS-Floating car Data""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""Maps Big Data Platform""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-28T12:01:38.218Z;0587a88d-3aeb-408f-b4a7-1c17f32f31aa;2023-07-12T11:42:29.892Z;"' +The following running daemon is not managed by RPM : + +/usr/local/bin/node_exporter +";0;TCP;;NONE;d71442ac-05f1-4d12-b0bb-d14e96aa22ff;Low;ACTIVE +201;Blah60;10.0.0.60;fe80:0:0:0:d1ad:bedc:a6e7:d5c1;48:89:e7:40:69:c9;Blah60;82acbe36-ae2c-44ce-9fa3-bd2fa0902f82;Blah60;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 5.4.0-153-generic on Ubuntu 20.04;general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Linux""},{""category"":""Office"",""value"":""Eindhoven""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2022-12-24T00:56:48.447Z;05ba36c8-113e-4da7-8ecc-7c64b30ba912;2023-07-13T00:13:08.793Z;"' +The following running daemon is not managed by dpkg : + +/home/jawi/perforce/simulation-environment/NavKit/x86_64-Linux/bin/NavKitApp.NDS +";0;TCP;;NONE;18ce976c-e315-475e-90a7-54f3234823d0;Low;RESURFACED +6;Blah61;10.0.0.61;fe80:0:0:0:20d:3aff:fe28:bc03;00:0d:3a:28:bc:03;Blah61;e4132939-fa04-4fb3-96c8-bad7009f3dda;Blah61;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.5 (Arctic Sphynx);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;p-cpe:/a:alma:linux:grub2-common, p-cpe:/a:alma:linux:grub2-efi-aa64, p-cpe:/a:alma:linux:grub2-efi-aa64-cdboot, p-cpe:/a:alma:linux:grub2-efi-aa64-modules, p-cpe:/a:alma:linux:grub2-efi-ia32, p-cpe:/a:alma:linux:grub2-efi-ia32-cdboot, p-cpe:/a:alma:linux:grub2-efi-ia32-modules, p-cpe:/a:alma:linux:grub2-efi-x64, p-cpe:/a:alma:linux:grub2-efi-x64-cdboot, p-cpe:/a:alma:linux:grub2-efi-x64-modules, p-cpe:/a:alma:linux:grub2-pc, p-cpe:/a:alma:linux:grub2-pc-modules, p-cpe:/a:alma:linux:grub2-ppc64le-modules, p-cpe:/a:alma:linux:grub2-tools, p-cpe:/a:alma:linux:grub2-tools-efi, p-cpe:/a:alma:linux:grub2-tools-extra, p-cpe:/a:alma:linux:grub2-tools-minimal, cpe:/o:alma:linux:8;CVE-2021-3981;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;;"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2110 advisory. + + - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. + This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. (CVE-2021-3981) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Alma Linux Local Security Checks;;;;;161091;FALSE;FALSE;AlmaLinux 8 : grub2 (ALSA-2022:2110);2022-05-10T00:00:00Z;2022-05-12T00:00:00Z;2022-05-12T00:00:00Z;1.2;CVE=[CVE-2021-3981];https://errata.almalinux.org/8/ALSA-2022-2110.html;Low;Update the affected packages.;;The remote AlmaLinux host is missing a security update.;LOCAL;FALSE;730;366;1.4;UNPROVEN;LOW;VERY_LOW;;;No recorded events;1.4;2022-03-10T00:00:00Z;2023-07-06T12:00:37.835Z;05c6b7b9-cb59-4649-877c-855e1226efe4;2023-07-12T11:39:48.073Z;"' +Remote package installed : grub2-common-2.02-106.el8.alma +Should be : grub2-common-2.02-123.el8.alma + +Remote package installed : grub2-efi-x64-2.02-106.el8.alma +Should be : grub2-efi-x64-2.02-123.el8.alma + +Remote package installed : grub2-pc-modules-2.02-106.el8.alma +Should be : grub2-pc-modules-2.02-123.el8.alma + +Remote package installed : grub2-tools-2.02-106.el8.alma +Should be : grub2-tools-2.02-123.el8.alma + +Remote package installed : grub2-tools-efi-2.02-106.el8.alma +Should be : grub2-tools-efi-2.02-123.el8.alma + +Remote package installed : grub2-tools-extra-2.02-106.el8.alma +Should be : grub2-tools-extra-2.02-123.el8.alma + +Remote package installed : grub2-tools-minimal-2.02-106.el8.alma +Should be : grub2-tools-minimal-2.02-123.el8.alma + +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +20;Blah62;10.0.0.62;fe80:0:0:0:6245:bdff:fe8e:c73f;60:45:bd:8e:c7:3f;Blah62;f4a59d4c-9cac-4d96-b3d1-c99fbfb29f98;Blah62;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-dev""}]";;;;p-cpe:/a:alma:linux:java-17-openjdk, p-cpe:/a:alma:linux:java-17-openjdk-demo, p-cpe:/a:alma:linux:java-17-openjdk-demo-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-demo-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-devel, p-cpe:/a:alma:linux:java-17-openjdk-devel-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-devel-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-headless, p-cpe:/a:alma:linux:java-17-openjdk-headless-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-headless-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-javadoc, p-cpe:/a:alma:linux:java-17-openjdk-javadoc-zip, p-cpe:/a:alma:linux:java-17-openjdk-jmods, p-cpe:/a:alma:linux:java-17-openjdk-jmods-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-jmods-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-src, p-cpe:/a:alma:linux:java-17-openjdk-src-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-src-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-static-libs, p-cpe:/a:alma:linux:java-17-openjdk-static-libs-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-static-libs-slowdebug, cpe:/o:alma:linux:8, cpe:/o:alma:linux:8::appstream, cpe:/o:alma:linux:8::powertools;CVE-2023-21835, CVE-2023-21843;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;400, 646;"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0192 advisory. + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; + Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21835) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21843) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Alma Linux Local Security Checks;2023-A-0042;;I;;170147;FALSE;FALSE;AlmaLinux 8 : java-17-openjdk (ALSA-2023:0192);2023-01-18T00:00:00Z;2023-01-18T00:00:00Z;2023-01-20T00:00:00Z;1.1;CVE=[CVE-2023-21835, CVE-2023-21843], CWE=[400, 646], IAVA=[2023-A-0042];https://errata.almalinux.org/8/ALSA-2023-0192.html;Low;Update the affected packages.;I;The remote AlmaLinux host is missing one or more security updates.;LOCAL;FALSE;180;61;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2023-01-17T00:00:00Z;2023-06-22T11:53:58.614Z;05db13db-5f14-406c-8b86-856f253f86ac;2023-07-12T11:52:37.747Z;"' +Remote package installed : java-17-openjdk-17.0.4.1.1-2.el8_6 +Should be : java-17-openjdk-17.0.6.0.10-3.el8_7 + +Remote package installed : java-17-openjdk-devel-17.0.4.1.1-2.el8_6 +Should be : java-17-openjdk-devel-17.0.6.0.10-3.el8_7 + +Remote package installed : java-17-openjdk-headless-17.0.4.1.1-2.el8_6 +Should be : java-17-openjdk-headless-17.0.6.0.10-3.el8_7 + +";0;TCP;;NONE;18f99379-95e6-4c04-988d-b3e9a82519c8;Low;ACTIVE +424;Blah63;10.0.0.63;;00:e0:d8:1d:ec:f8;Blah63;ae8d07dd-b026-4de1-be9f-83a93610cbd1;Blah63;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 2.6.37.6-lsp-3.2.5_stm24_0012-spear3xx;general-purpose;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Office"",""value"":""Pune""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-05-14T08:53:36.471Z;0616ab6e-482c-43a5-a33c-4305a9e96a14;2023-07-11T19:12:16.482Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes256-cbc +";22;TCP;;NONE;2e2616c4-73be-4a5f-8462-0363fd979993;Low;ACTIVE +152;Blah64;10.0.0.64;2001:9e8:6d71:e900:ada:f4d:7134:dc3e;02:42:26:4c:c7:2d;Blah64;96d95812-e863-45a3-a4ba-e1fc0a4cdcf6;Blah64;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 22.04.2 LTS (Jammy Jellyfish);general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Linux""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-02-10T10:04:28.881Z;0622ecbe-f9c9-4c55-b1c5-071849d7b83c;2023-07-13T07:22:14.953Z;"' +The following running daemons are not managed by dpkg : + +/opt/rapid7/ir_agent/components/insight_agent/3.3.2.35/ir_agent +/snap/firefox/2908/usr/lib/firefox/firefox +";0;TCP;;NONE;18ce976c-e315-475e-90a7-54f3234823d0;Low;ACTIVE +92;Blah65;10.0.0.65;fe80:0:0:0:20d:3aff:fe4c:3eae;00:0d:3a:4c:3e:ae;Blah65;4889b98c-bccf-41ef-a07f-efd8a53ab6ee;Blah65;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Owners"",""value"":""hans.vanleijen@tttttttnnnnnn.com},{""category"":""Azure"",""value"":""CIT-DSP-Prod""},{""category"":""Azure_CC"",""value"":""PP-Device Service Platform""}]";;;;p-cpe:/a:centos:centos:java-1.6.0-openjdk, p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.6.0-openjdk-src, cpe:/o:centos:centos:5, cpe:/o:centos:centos:6, cpe:/o:centos:centos:7;CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760;10.0;CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C;8.7;CVSS2#E:H/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.6;CVSS:3.0/E:H/RL:O/RC:C;;"Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. + +Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. + +The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. + +Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. +(CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733) + +A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748) + +It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601) + +A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808) + +Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change. + +A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic. +(CVE-2015-4000) + +Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. + +It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749) + +Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. +(CVE-2015-2621, CVE-2015-2632) + +A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. +(CVE-2015-2625) + +All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.";AVAILABLE;TRUE;FALSE;CentOS Local Security Checks;;;;;85127;TRUE;FALSE;CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:1526) (Bar Mitzvah) (Logjam);2015-07-30T00:00:00Z;2015-07-31T00:00:00Z;2023-04-25T00:00:00Z;2.17;CISA-KNOWN-EXPLOITED=[2022/03/24], CVE=[CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760], RHSA=[2015:1526];http://www.nessus.org/u?71aeb015, http://www.nessus.org/u?ee7fd787, http://www.nessus.org/u?1dcaac4d;Critical;Update the affected java-1.6.0-openjdk packages.;;The remote CentOS host is missing one or more security updates.;LOCAL;FALSE;;731;6.0;HIGH;LOW;VERY_LOW;;;No recorded events;9.0;2015-04-01T00:00:00Z;2023-04-11T12:33:53.316Z;0626c354-7fd4-414b-a3e3-7c4617b342ec;2023-07-12T11:45:16.995Z;"' +Remote package installed : java-1.6.0-openjdk-1.6.0.34-1.13.6.1.el7_0 +Should be : java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el7_1 + + +NOTE: The security advisory associated with this vulnerability has a +fixed package version that may only be available in the continuous +release (CR) repository for CentOS, until it is present in the next +point release of CentOS. + +If an equal or higher package level does not exist in the baseline +repository for your major version of CentOS, then updates from the CR +repository will need to be applied in order to address the +vulnerability. +";0;TCP;;NONE;1e409ea3-111d-4211-9e8b-dcd5037a9242;Low;ACTIVE +6;Blah66;10.0.0.66;fe80:0:0:0:20d:3aff:fea8:5f9;00:0d:3a:a8:05:f9;Blah66;bc9035d4-daae-41c0-9b2a-5cdb628869da;Blah66;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;p-cpe:/a:centos:centos:glibc, p-cpe:/a:centos:centos:glibc-common, p-cpe:/a:centos:centos:glibc-devel, p-cpe:/a:centos:centos:glibc-headers, p-cpe:/a:centos:centos:glibc-static, p-cpe:/a:centos:centos:glibc-utils, p-cpe:/a:centos:centos:nscd, cpe:/o:centos:centos:7;CVE-2019-19126;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;20;"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:3861 advisory. + + - glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;141625;FALSE;FALSE;CentOS 7 : glibc (CESA-2020:3861);2020-10-20T00:00:00Z;2020-10-20T00:00:00Z;2020-11-30T00:00:00Z;1.4;CVE=[CVE-2019-19126], CWE=[20], RHSA=[2020:3861];http://www.nessus.org/u?a3ca8c1b, https://cwe.mitre.org/data/definitions/20.html;Low;Update the affected packages.;;The remote CentOS Linux host is missing a security update.;LOCAL;FALSE;;731;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2019-11-19T00:00:00Z;2023-07-06T11:59:22.143Z;06291775-a3a2-4bb5-8839-8d4d5aae7ae0;2023-07-12T12:08:59.773Z;"' +Remote package installed : glibc-2.17-292.el7 +Should be : glibc-2.17-317.el7 + +Remote package installed : glibc-common-2.17-292.el7 +Should be : glibc-common-2.17-317.el7 + + +NOTE: The security advisory associated with this vulnerability has a +fixed package version that may only be available in the continuous +release (CR) repository for CentOS, until it is present in the next +point release of CentOS. + +If an equal or higher package level does not exist in the baseline +repository for your major version of CentOS, then updates from the CR +repository will need to be applied in order to address the +vulnerability. +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +372;Blah67;10.0.0.67;;;Blah67;ddeb2e26-d582-4e6f-aec3-828038b64a0a;Blah67;;00000000-0000-0000-0000-000000000000;Default;Cisco Device;embedded;"[{""category"":""Office"",""value"":""Amsterdam DRK""},{""category"":""Network_Security"",""value"":""Assets""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-07-05T12:14:10.075Z;063d87b4-599b-458a-a53b-80ddd3aeab2d;2023-07-10T07:32:54.089Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group1-sha1 +";22;TCP;;NONE;a70b8545-fb33-43f4-9d57-a0dd5b754264;Low;RESURFACED +6;Blah68;10.0.0.68;fe80:0:0:0:20d:3aff:fe22:99a4;00:0d:3a:22:99:a4;Blah68;4ac0d767-57e9-46d6-ba43-8e92348ac455;Blah68;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-06T12:08:55.914Z;0660c20c-d3dc-4cc2-be52-ee1507825d64;2023-07-12T11:59:11.551Z;"' +The following running daemons are not managed by RPM : + +/opt/consul-agent_exporter/consul-agent_exporter +/opt/consul/consul_1.15.3 +/opt/node_exporter/node_exporter +/opt/traefik/traefik +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +12;Blah69;10.0.0.69;;00:0d:3a:47:f3:0d;Blah69;ec0cd83c-6ee1-46c9-b406-05ab6fe07b98;Blah69;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure"",""value"":""CIT-DSP-Dev""},{""category"":""Owners"",""value"":""hans.vanleijen@tttttttnnnnnn.com},{""category"":""Azure_CC"",""value"":""PP-Device Service Platform""}]";;;;p-cpe:/a:centos:centos:java-1.8.0-openjdk, p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility, p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-1.8.0-openjdk-src, cpe:/o:centos:centos:7;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7002 advisory. + + - OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) + + - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) + + - OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) + + - OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;166552;FALSE;FALSE;CentOS 7 : java-1.8.0-openjdk (CESA-2022:7002);2022-10-26T00:00:00Z;2022-10-26T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770], RHSA=[2022:7002];http://www.nessus.org/u?0ce1bb6f;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-06-30T11:39:16.439Z;0662e942-32db-4543-8b31-79e0e245da83;2023-06-30T11:39:16.439Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9 + +";0;TCP;;NONE;fba55e25-4ec3-4911-b922-e114e89fb06d;Low;NEW +21;Blah70;10.0.0.70;fe80:0:0:0:6245:bdff:fe8b:8873;60:45:bd:8b:88:73;Blah70;40608cbe-5d89-4aad-993c-e47f27bdb9e1;Blah70;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-dev""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-21T11:52:24.403Z;066e7a37-dab6-4889-bd0a-ef36d8d7f60e;2023-07-12T12:07:01.345Z;"' +The following running daemons are not managed by RPM : + +/opt/consul-agent_exporter/consul-agent_exporter +/opt/consul/consul_1.15.3 +/opt/node_exporter/node_exporter +/opt/traefik/traefik +";0;TCP;;NONE;18f99379-95e6-4c04-988d-b3e9a82519c8;Low;ACTIVE +6;Blah71;10.0.0.71;fe80:0:0:0:222:48ff:fe7e:af1e;00:22:48:7e:af:1e;Blah71;7e47608e-20df-485e-9638-748efd988ba0;Blah71;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 18.04.6 LTS (Bionic Beaver);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""Lukasz.Maslowski@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""SEARCH""},{""category"":""Azure_CC"",""value"":""PP-Search""},{""category"":""Azure"",""value"":""Search - prod - Geocode""}]";;;;cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1072, p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1072, p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1072, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1077, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1077, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1077, p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1077, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1077, p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1077, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1020-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1039-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1062-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1068-gke, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1070-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-aws, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1077-azure, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-109-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1039-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1072-aws, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1077-azure, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-generic, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-109-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-crashdump, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1072, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1072, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1072, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1072, p-cpe:/a:canonical:ubuntu_linux:linux-generic, p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1039, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1039, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1039, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1020-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1039-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1062-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1068-gke, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1070-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-aws, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1077-azure, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-109-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure, p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic, p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke, p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem, p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1, p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-109, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-109, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-109, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common, p-cpe:/a:canonical:ubuntu_linux:linux-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-cloud-tools-common, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-headers-5.4.0-1020, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-source-5.4.0, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-5.4.0-1020, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-common, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-edge, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1020, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1020, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1020-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1062-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-gke, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1076-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1077-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic, p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1068, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1068, p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1068, p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1068, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-cloud-tools-5.4.0-1039, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-headers-5.4.0-1039, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-source-5.4.0, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-tools-5.4.0-1039, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-109-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-gke, p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-oem, p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1, p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1020-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1039-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1062-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1068-gke, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1070-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1076-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1077-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-109-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1062, p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1062, p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1020-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1039-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1062-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1068-gke, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1070-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-aws, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1077-azure, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-109-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1020-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1039-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1068-gke, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1070-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-aws, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1077-azure, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-109-generic, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure, p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-edge, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1, p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host, p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1070, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1070, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1070, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1070, p-cpe:/a:canonical:ubuntu_linux:linux-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-headers-5.4.0-1059, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-tools-5.4.0-1059, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1059, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-common, p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic, p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke, p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-tools-host, p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem, p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1, p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1059, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure, p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure, p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge, p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge, p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04, p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge, p-cpe:/a:canonical:ubuntu_linux:linux-source, p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1020-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1039-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1062-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1068-gke, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1070-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-aws, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1077-azure, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109, p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-109-generic;CVE-2022-0617, CVE-2022-24448, CVE-2022-24959;1.9;CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N;1.5;CVSS2#E:POC/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N;3.0;CVSS:3.0/E:P/RL:O/RC:C;;"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5384-1 advisory. + + - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617) + + - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448) + + - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";AVAILABLE;FALSE;FALSE;Ubuntu Local Security Checks;;;;;160025;FALSE;FALSE;Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5384-1);2022-04-20T00:00:00Z;2022-04-21T00:00:00Z;2023-07-10T00:00:00Z;1.4;CVE=[CVE-2022-0617, CVE-2022-24448, CVE-2022-24959], USN=[5384-1];https://ubuntu.com/security/notices/USN-5384-1;Low;Update the affected packages.;;The remote Ubuntu host is missing one or more security updates.;LOCAL;FALSE;730;366;3.6;PROOF_OF_CONCEPT;LOW;VERY_LOW;;;No recorded events;4.4;2022-02-04T00:00:00Z;2023-07-06T12:12:44.240Z;06e7889c-8050-488f-8b4e-0aa9f2c586c1;2023-07-12T12:11:02.878Z;"' + - Installed package : linux-azure_5.4.0.1063.43 + Fixed package : linux-azure_5.4.0.1077.56 + + - Installed package : linux-azure-5.4-cloud-tools-5.4.0-1063_5.4.0-1063.66~18.04.1 + Fixed package : linux-azure-5.4-cloud-tools-5.4.0-_5.4.0-1077.80~18.04.1 + + - Installed package : linux-azure-5.4-headers-5.4.0-1063_5.4.0-1063.66~18.04.1 + Fixed package : linux-azure-5.4-headers-5.4.0-_5.4.0-1077.80~18.04.1 + + - Installed package : linux-azure-5.4-tools-5.4.0-1063_5.4.0-1063.66~18.04.1 + Fixed package : linux-azure-5.4-tools-5.4.0-_5.4.0-1077.80~18.04.1 + + - Installed package : linux-cloud-tools-5.4.0-1063-azure_5.4.0-1063.66~18.04.1 + Fixed package : linux-cloud-tools-5.4.0--azure_5.4.0-1077.80~18.04.1 + + - Installed package : linux-cloud-tools-azure_5.4.0.1063.43 + Fixed package : linux-cloud-tools-azure_5.4.0.1077.56 + + - Installed package : linux-headers-5.4.0-1063-azure_5.4.0-1063.66~18.04.1 + Fixed package : linux-headers-5.4.0--azure_5.4.0-1077.80~18.04.1 + + - Installed package : linux-headers-azure_5.4.0.1063.43 + Fixed package : linux-headers-azure_5.4.0.1077.56 + + - Installed package : linux-image-5.4.0-1063-azure_5.4.0-1063.66~18.04.1 + Fixed package : linux-image-5.4.0--azure_5.4.0-1077.80~18.04.1 + + - Installed package : linux-image-azure_5.4.0.1063.43 + Fixed package : linux-image-azure_5.4.0.1077.56 + + - Installed package : linux-modules-5.4.0-1063-azure_5.4.0-1063.66~18.04.1 + Fixed package : linux-modules-5.4.0--azure_5.4.0-1077.80~18.04.1 + + - Installed package : linux-modules-extra-5.4.0-1063-azure_5.4.0-1063.66~18.04.1 + Fixed package : linux-modules-extra-5.4.0--azure_5.4.0-1077.80~18.04.1 + + - Installed package : linux-tools-5.4.0-1063-azure_5.4.0-1063.66~18.04.1 + Fixed package : linux-tools-5.4.0--azure_5.4.0-1077.80~18.04.1 + + - Installed package : linux-tools-azure_5.4.0.1063.43 + Fixed package : linux-tools-azure_5.4.0.1077.56 + + +Because Debian/Ubuntu linux packages increment their package name numbers as +well as their version numbers, an update may not be available for the +current kernel level, but the package will still be vulnerable. You may +need to update the kernel level in order to get the latest security +fixes available.";0;TCP;;NONE;a4838595-ade3-4175-b602-7ab22df4e644;Low;ACTIVE +28;Blah72;10.0.0.72;;e4:54:e8:82:f7:95;Blah72;b9f80fee-893b-4616-95fd-d3726871c57b;Blah72;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows 10 Enterprise Build 19045;general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Windows""}]";;;;cpe:/a:microsoft:snip_and_sketch;CVE-2023-28303;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;;"An information disclosure vulnerability exists in Windows Snip & Sketch (Windows 10) and Snipping Tool (Windows 11) where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the cropped image file. + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Windows;;;;;177217;FALSE;FALSE;Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse);2023-03-24T00:00:00Z;2023-06-13T00:00:00Z;2023-06-14T00:00:00Z;1.1;CVE=[CVE-2023-28303];http://www.nessus.org/u?ad297874;Low;Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later.;;The remote web server hosts an application that is affected by an information disclosure vulnerability.;REMOTE;FALSE;30;8;1.4;UNPROVEN;LOW;VERY_LOW;120;31;No recorded events;2.2;2023-03-24T00:00:00Z;2023-06-15T00:29:42.442Z;06edb0c6-056d-4149-b22a-6d896e9355e6;2023-07-13T00:44:38.174Z;"' + Path : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.2277.0_x64__8wekyb3d8bbwe + Installed version : 10.2008.2277.0 + Fixed version : 10.2008.3001.0 +";0;TCP;;NONE;41b41fd5-99f1-4050-833f-1e3aaec58b9f;Low;ACTIVE +20;Blah73;10.0.0.73;fe80:0:0:0:20d:3aff:fe39:2af8;00:0d:3a:39:2a:f8;Blah73;0ba90406-30ad-4b96-b45f-f5edc1f84b30;Blah73;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-orlando-dev""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-22T12:09:22.654Z;06f07279-3e32-4235-bbbb-3c6520ae5cd8;2023-07-12T12:13:51.570Z;"' +The following running daemons are not managed by RPM : + +/opt/prometheus/exporters/dist/node_exporter-0.17.0.linux-amd64/node_exporter +/opt/rapid7/ir_agent/components/insight_agent/3.3.2.35/ir_agent +";0;TCP;;NONE;a1b10bb5-52cf-4b23-b223-1c3619e0332e;Low;ACTIVE +19;Blah74;10.0.0.74;fe80:0:0:0:20d:3aff:fe20:4290;00:0d:3a:20:42:90;Blah74;2f058c6d-e8f2-444f-ba10-55d288f574b5;Blah74;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_OU"",""value"":""PU Delivery""},{""category"":""Azure_CC"",""value"":""MAPS-PU Delivery""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""nds-prod""}]";;;;p-cpe:/a:centos:centos:dnsmasq, p-cpe:/a:centos:centos:dnsmasq-utils, cpe:/o:centos:centos:7;CVE-2020-25684, CVE-2020-25685, CVE-2020-25686;4.3;CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N;3.2;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;358;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0153 advisory. + + - dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684) + + - dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685) + + - dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;145439;FALSE;FALSE;CentOS 7 : dnsmasq (CESA-2021:0153);2021-01-25T00:00:00Z;2021-01-26T00:00:00Z;2022-12-05T00:00:00Z;1.4;CVE=[CVE-2020-25684, CVE-2020-25685, CVE-2020-25686], CWE=[358], RHSA=[2021:0153];http://www.nessus.org/u?09cecf18, https://cwe.mitre.org/data/definitions/358.html;Medium;Update the affected dnsmasq and / or dnsmasq-utils packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;;731;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;2.2;2021-01-19T00:00:00Z;2023-06-23T12:16:33.667Z;07135946-a680-4802-b13f-568e37958a69;2023-07-12T12:00:54.253Z;"' +Remote package installed : dnsmasq-2.76-10.el7_7.1 +Should be : dnsmasq-2.76-16.el7_9.1 + +Remote package installed : dnsmasq-utils-2.76-10.el7_7.1 +Should be : dnsmasq-utils-2.76-16.el7_9.1 + +";0;TCP;;NONE;369a932f-8141-42ac-85cc-645634caebf6;Low;ACTIVE +380;Blah75;10.0.0.75;;;Blah75;7dd16b75-8ee8-422f-9541-f1b6e5c20366;Blah75;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.13 on Ubuntu 14.04 (trusty);general-purpose;"[{""category"":""Office"",""value"":""Eindhoven""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-06-27T12:27:30.880Z;07156aa2-1578-4d5d-b6f4-e3ccc222c2af;2023-07-10T15:23:04.165Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group-exchange-sha1 + diffie-hellman-group1-sha1 +";22;TCP;;NONE;06f8d74d-94b0-4a80-b581-fc3c273cc695;Low;RESURFACED +376;Blah76;10.0.0.76;;;Blah76;52085b7c-379a-42f6-9aad-e6dc61d49ef7;Blah76;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 16.04 Linux Kernel 4.4;unknown;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Network_Security"",""value"":""Assets""},{""category"":""Office"",""value"":""Pune""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-07-01T08:42:51.567Z;0796e0f2-4969-4854-9f03-46552b6990ab;2023-07-11T13:43:41.727Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes256-cbc +";22;TCP;;NONE;8aad221d-7476-4c0c-a177-0d6498dad745;Low;RESURFACED +368;Blah77;10.0.0.77;;;Blah77;d273fc4c-eaeb-47da-91cb-d0be218bd50f;Blah77;;00000000-0000-0000-0000-000000000000;Default;F5 Networks BIG-IP;load-balancer;"[{""category"":""Data_Centers"",""value"":""EMEA: Data Center 1""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-07-10T00:27:38.683Z;079781ca-695b-4e1f-b505-bac25fdefacc;2023-07-09T00:08:31.714Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + aes128-cbc + aes192-cbc + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + aes128-cbc + aes192-cbc + aes256-cbc +";22;TCP;;NONE;4e68d1bf-9631-41b9-b2f6-c6d6f294d6c0;Low;ACTIVE +19;Blah78;10.0.0.78;fe80:0:0:0:20d:3aff:fe4a:382;00:0d:3a:4a:03:82;Blah78;7ff1afe0-90fc-41bb-908f-d69a59e3fc33;Blah78;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_OU"",""value"":""PU Delivery""},{""category"":""Azure_CC"",""value"":""MAPS-PU Delivery""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""nds-prod""}]";;;;p-cpe:/a:centos:centos:java-11-openjdk, p-cpe:/a:centos:centos:java-11-openjdk-demo, p-cpe:/a:centos:centos:java-11-openjdk-devel, p-cpe:/a:centos:centos:java-11-openjdk-headless, p-cpe:/a:centos:centos:java-11-openjdk-javadoc, p-cpe:/a:centos:centos:java-11-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-11-openjdk-jmods, p-cpe:/a:centos:centos:java-11-openjdk-src, p-cpe:/a:centos:centos:java-11-openjdk-static-libs, cpe:/o:centos:centos:7;CVE-2023-21835, CVE-2023-21843;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;400, 646;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0195 advisory. + + - OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) + + - OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;170861;FALSE;FALSE;CentOS 7 : java-11-openjdk (CESA-2023:0195);2023-01-30T00:00:00Z;2023-01-30T00:00:00Z;2023-01-30T00:00:00Z;1.0;CVE=[CVE-2023-21835, CVE-2023-21843], CWE=[400, 646], RHSA=[2023:0195];http://www.nessus.org/u?75f0c145;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;180;61;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2023-01-17T00:00:00Z;2023-06-23T12:14:13.279Z;07bd8e21-84de-4863-9d74-0e6b64fca45e;2023-07-12T11:53:13.882Z;"' +Remote package installed : java-11-openjdk-11.0.6.10-1.el7_7 +Should be : java-11-openjdk-11.0.18.0.10-1.el7_9 + +Remote package installed : java-11-openjdk-devel-11.0.6.10-1.el7_7 +Should be : java-11-openjdk-devel-11.0.18.0.10-1.el7_9 + +Remote package installed : java-11-openjdk-headless-11.0.6.10-1.el7_7 +Should be : java-11-openjdk-headless-11.0.18.0.10-1.el7_9 + +";0;TCP;;NONE;369a932f-8141-42ac-85cc-645634caebf6;Low;ACTIVE +6;Blah79;10.0.0.79;fe80:0:0:0:20d:3aff:feae:14fc;00:0d:3a:ae:14:fc;Blah79;79720dd5-b80e-47b2-8b27-d2712da88e8f;Blah79;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_OU"",""value"":""PU Delivery""},{""category"":""Azure_CC"",""value"":""MAPS-PU Delivery""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""nds-prod""}]";;;;p-cpe:/a:centos:centos:libgudev1, p-cpe:/a:centos:centos:libgudev1-devel, p-cpe:/a:centos:centos:systemd, p-cpe:/a:centos:centos:systemd-devel, p-cpe:/a:centos:centos:systemd-journal-gateway, p-cpe:/a:centos:centos:systemd-libs, p-cpe:/a:centos:centos:systemd-networkd, p-cpe:/a:centos:centos:systemd-python, p-cpe:/a:centos:centos:systemd-resolved, p-cpe:/a:centos:centos:systemd-sysv, cpe:/o:centos:centos:7;CVE-2019-20386;2.1;CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P;1.6;CVSS2#E:U/RL:OF/RC:C;2.4;CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L;2.1;CVSS:3.0/E:U/RL:O/RC:C;400;"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4007 advisory. + + - systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;141588;FALSE;FALSE;CentOS 7 : systemd (CESA-2020:4007);2020-10-20T00:00:00Z;2020-10-20T00:00:00Z;2020-11-30T00:00:00Z;1.4;CVE=[CVE-2019-20386], CWE=[400], RHSA=[2020:4007];http://www.nessus.org/u?9db51b2f, https://cwe.mitre.org/data/definitions/400.html;Low;Update the affected packages.;;The remote CentOS Linux host is missing a security update.;LOCAL;FALSE;;731;1.4;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.2;2020-01-21T00:00:00Z;2023-07-06T12:01:30.620Z;07c1c7c0-a0ee-47b5-bd61-18024b470dad;2023-07-12T11:38:53.299Z;"' +Remote package installed : systemd-219-67.el7_7.2 +Should be : systemd-219-78.el7 + +Remote package installed : systemd-libs-219-67.el7_7.2 +Should be : systemd-libs-219-78.el7 + +Remote package installed : systemd-python-219-67.el7_7.2 +Should be : systemd-python-219-78.el7 + +Remote package installed : systemd-sysv-219-67.el7_7.2 +Should be : systemd-sysv-219-78.el7 + + +NOTE: The security advisory associated with this vulnerability has a +fixed package version that may only be available in the continuous +release (CR) repository for CentOS, until it is present in the next +point release of CentOS. + +If an equal or higher package level does not exist in the baseline +repository for your major version of CentOS, then updates from the CR +repository will need to be applied in order to address the +vulnerability. +";0;TCP;;NONE;369a932f-8141-42ac-85cc-645634caebf6;Low;ACTIVE +72;Blah80;10.0.0.80;2400:2200:3c3:db8f:1fd0:f9ce:2dd:b6bb;80:38:fb:f1:9a:37;Blah80;48085ddf-8818-49f0-86a8-6b3be7aeaebd;Blah80;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 22.04.2 LTS (Jammy Jellyfish);general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Linux""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-05-02T03:18:27.445Z;07e042c5-2c25-4b85-9280-151c551457de;2023-07-13T02:26:25.746Z;"' +The following running daemon is not managed by dpkg : + +/usr/sbin/dhclient +";0;TCP;;NONE;18ce976c-e315-475e-90a7-54f3234823d0;Low;RESURFACED +19;Blah81;10.0.0.81;fe80:0:0:0:20d:3aff:fe2f:aae0;00:0d:3a:2f:aa:e0;Blah81;6da798fb-85ce-4389-9e3f-51a15f8ac53b;Blah81;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_OU"",""value"":""PU Delivery""},{""category"":""Azure_CC"",""value"":""MAPS-PU Delivery""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""nds-prod""}]";;;;p-cpe:/a:centos:centos:glibc, p-cpe:/a:centos:centos:glibc-common, p-cpe:/a:centos:centos:glibc-devel, p-cpe:/a:centos:centos:glibc-headers, p-cpe:/a:centos:centos:glibc-static, p-cpe:/a:centos:centos:glibc-utils, p-cpe:/a:centos:centos:nscd, cpe:/o:centos:centos:7;CVE-2019-19126;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;20;"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:3861 advisory. + + - glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;141625;FALSE;FALSE;CentOS 7 : glibc (CESA-2020:3861);2020-10-20T00:00:00Z;2020-10-20T00:00:00Z;2020-11-30T00:00:00Z;1.4;CVE=[CVE-2019-19126], CWE=[20], RHSA=[2020:3861];http://www.nessus.org/u?a3ca8c1b, https://cwe.mitre.org/data/definitions/20.html;Low;Update the affected packages.;;The remote CentOS Linux host is missing a security update.;LOCAL;FALSE;;731;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2019-11-19T00:00:00Z;2023-06-23T12:09:30.539Z;07e2555d-856b-403a-ba2c-87587a72bdeb;2023-07-12T11:55:14.864Z;"' +Remote package installed : glibc-2.17-292.el7 +Should be : glibc-2.17-317.el7 + +Remote package installed : glibc-common-2.17-292.el7 +Should be : glibc-common-2.17-317.el7 + + +NOTE: The security advisory associated with this vulnerability has a +fixed package version that may only be available in the continuous +release (CR) repository for CentOS, until it is present in the next +point release of CentOS. + +If an equal or higher package level does not exist in the baseline +repository for your major version of CentOS, then updates from the CR +repository will need to be applied in order to address the +vulnerability. +";0;TCP;;NONE;369a932f-8141-42ac-85cc-645634caebf6;Low;ACTIVE +20;Blah82;10.0.0.82;fe80:0:0:0:6245:bdff:fe87:c82c;60:45:bd:87:c8:2c;Blah82;293b3438-6933-43c9-99c5-f9bdb692e49f;Blah82;;00000000-0000-0000-0000-000000000000;Default;AlmaLinux 8.5 (Arctic Sphynx);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""bruce.adam@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""PU PLATFORM""},{""category"":""Azure_CC"",""value"":""MAPS-Floating car Data""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""consumer-sport-fws-prod""}]";;;;p-cpe:/a:alma:linux:grub2-common, p-cpe:/a:alma:linux:grub2-efi-aa64, p-cpe:/a:alma:linux:grub2-efi-aa64-cdboot, p-cpe:/a:alma:linux:grub2-efi-aa64-modules, p-cpe:/a:alma:linux:grub2-efi-ia32, p-cpe:/a:alma:linux:grub2-efi-ia32-cdboot, p-cpe:/a:alma:linux:grub2-efi-ia32-modules, p-cpe:/a:alma:linux:grub2-efi-x64, p-cpe:/a:alma:linux:grub2-efi-x64-cdboot, p-cpe:/a:alma:linux:grub2-efi-x64-modules, p-cpe:/a:alma:linux:grub2-pc, p-cpe:/a:alma:linux:grub2-pc-modules, p-cpe:/a:alma:linux:grub2-ppc64le-modules, p-cpe:/a:alma:linux:grub2-tools, p-cpe:/a:alma:linux:grub2-tools-efi, p-cpe:/a:alma:linux:grub2-tools-extra, p-cpe:/a:alma:linux:grub2-tools-minimal, cpe:/o:alma:linux:8;CVE-2021-3981;2.1;CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N;1.6;CVSS2#E:U/RL:OF/RC:C;3.3;CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N;2.9;CVSS:3.0/E:U/RL:O/RC:C;;"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2110 advisory. + + - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. + This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. (CVE-2021-3981) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Alma Linux Local Security Checks;;;;;161091;FALSE;FALSE;AlmaLinux 8 : grub2 (ALSA-2022:2110);2022-05-10T00:00:00Z;2022-05-12T00:00:00Z;2022-05-12T00:00:00Z;1.2;CVE=[CVE-2021-3981];https://errata.almalinux.org/8/ALSA-2022-2110.html;Low;Update the affected packages.;;The remote AlmaLinux host is missing a security update.;LOCAL;FALSE;730;366;1.4;UNPROVEN;LOW;VERY_LOW;;;No recorded events;1.4;2022-03-10T00:00:00Z;2023-06-22T12:20:39.295Z;08245477-901f-4cd9-8dd0-9f6e18e0f5e6;2023-07-12T12:14:28.603Z;"' +Remote package installed : grub2-common-2.02-106.el8.alma +Should be : grub2-common-2.02-123.el8.alma + +Remote package installed : grub2-efi-x64-2.02-106.el8.alma +Should be : grub2-efi-x64-2.02-123.el8.alma + +Remote package installed : grub2-pc-modules-2.02-106.el8.alma +Should be : grub2-pc-modules-2.02-123.el8.alma + +Remote package installed : grub2-tools-2.02-106.el8.alma +Should be : grub2-tools-2.02-123.el8.alma + +Remote package installed : grub2-tools-extra-2.02-106.el8.alma +Should be : grub2-tools-extra-2.02-123.el8.alma + +Remote package installed : grub2-tools-minimal-2.02-106.el8.alma +Should be : grub2-tools-minimal-2.02-123.el8.alma + +";0;TCP;;NONE;8d415c91-c867-4dca-9a05-b2a2e8376a37;Low;ACTIVE +76;Blah83;10.0.0.83;fe80:0:0:0:20d:3aff:fe20:15f4;00:0d:3a:20:15:f4;Blah83;03339f00-1839-4a68-8238-374e40506291;Blah83;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;Ubuntu 20.04.6 LTS (Focal Fossa);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure"",""value"":""cit-storage-dev""},{""category"":""Owners"",""value"":""Artem.Zaitsev@tomtom.com;guido.blenk@tttttttnnnnnn.com},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_CC"",""value"":""PP-Storage""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-04-27T11:42:30.355Z;082b8b0a-98c8-4f3e-8784-0871d07577a5;2023-07-12T11:49:34.446Z;"' +The following running daemons are not managed by dpkg : + +/opt/VRTSpbx/bin/pbx_exchange +/opt/rapid7/ir_agent/components/insight_agent/3.3.2.35/ir_agent +/usr/openv/netbackup/bin/bpcd +/usr/openv/netbackup/bin/vnetd +";0;TCP;;NONE;36689532-382c-4bf7-a08e-54157a828caf;Low;ACTIVE +21;Blah84;10.0.0.84;fe80:0:0:0:20d:3aff:febe:b99f;00:0d:3a:be:b9:9f;Blah84;0e6cb629-181d-4460-859c-ead0e29b72b5;Blah84;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-dev""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-21T12:14:58.332Z;08763144-1b25-4bfe-8193-d54d0bad7e10;2023-07-12T12:01:33.248Z;"' +The following running daemons are not managed by RPM : + +/opt/consul-agent_exporter/consul-agent_exporter +/opt/consul/consul_1.15.3 +/opt/node_exporter/node_exporter +/opt/traefik/traefik +";0;TCP;;NONE;18f99379-95e6-4c04-988d-b3e9a82519c8;Low;ACTIVE +0;Blah85;10.0.0.85;fe80:0:0:0:6245:bdff:fef3:a724;60:45:bd:f3:a7:24;Blah85;49a84873-01a8-4967-b3d7-f724c8675213;Blah85;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.8 (Sapphire Caracal);general-purpose;;;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-12T11:55:24.024Z;08809826-f6d4-4ff4-87f6-77b961bf5230;2023-07-12T11:55:24.024Z;"' +The following running daemons are not managed by RPM : + +/opt/grok_exporter/grok_exporter +/opt/prometheus/exporters/dist/node_exporter-0.18.1.linux-amd64/node_exporter +";0;TCP;;NONE;cb0fc0ca-e6eb-498e-9595-c41d6b82159c;Low;NEW +429;Blah86;10.0.0.86;;;Blah86;55ccd512-a542-4c6b-aaf6-e4edf7a094fb;Blah86;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.2, Linux Kernel 3.3, Linux Kernel 3.1;general-purpose;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Office"",""value"":""Pune""}]";;;;;;;;;;;;;;;"At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. + +Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014. + +Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.";;FALSE;FALSE;General;;;;;69551;FALSE;FALSE;SSL Certificate Chain Contains RSA Keys Less Than 2048 bits;;2013-09-03T00:00:00Z;2018-11-15T00:00:00Z;1.4;;https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf;Low;Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.;;The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.;REMOTE;FALSE;;;;;;;;;;;;2022-05-09T12:21:45.602Z;08823586-3b8b-41ff-98b4-dbbedb3ed8d7;2023-07-11T20:51:21.228Z;"' +The following certificates were part of the certificate chain +sent by the remote host, but contain RSA keys that are considered +to be weak : + +|-Subject : C=NL/ST=Zuid-Holland/L=Gouda/O=Siqura/CN=06e16d61ea3a42f8a8dc706b3b9f2953/E=sales.nl@tkhsecurity.com +|-RSA Key Length : 1024 bits +";443;TCP;;NONE;2e2616c4-73be-4a5f-8462-0363fd979993;Low;RESURFACED +429;Blah87;10.0.0.87;;;Blah87;227c16a7-29fe-480d-858b-95ec969e7e7b;Blah87;;00000000-0000-0000-0000-000000000000;Default;CISCO IOS 12, CISCO PIX, Cisco IOS XE, CISCO IOS 15;router;"[{""category"":""Office"",""value"":""Eindhoven""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-05-09T10:04:40.921Z;0894cb20-aa14-4348-af13-58dd0da22684;2023-07-10T13:48:01.762Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group-exchange-sha1 +";22;TCP;;NONE;06f8d74d-94b0-4a80-b581-fc3c273cc695;Low;RESURFACED +0;Blah88;10.0.0.88;fe80:0:0:0:6245:bdff:fe96:b927;60:45:bd:96:b9:27;Blah88;0c9f2a1a-f53a-4ab6-aa5d-43ed1345e766;Blah88;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.8 (Sapphire Caracal);general-purpose;;;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-07-12T11:53:42.588Z;08a66cfe-707c-4856-9bca-3b1ecf1ff90f;2023-07-12T11:53:42.588Z;"' +The following running daemons are not managed by RPM : + +/opt/grok_exporter/grok_exporter +/opt/prometheus/exporters/dist/node_exporter-0.18.1.linux-amd64/node_exporter +/opt/prometheus/exporters/dist/prometheus_varnish_exporter-1.6.1.linux-amd64/prometheus_varnish_exporter +";0;TCP;;NONE;cb0fc0ca-e6eb-498e-9595-c41d6b82159c;Low;NEW +379;Blah89;10.0.0.89;;;Blah89;4d869672-6935-49c3-96bf-def097c8895d;Blah89;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 2.6;unknown;"[{""category"":""Office"",""value"":""ODE-TEST""},{""category"":""Office"",""value"":""Amsterdam ODE""},{""category"":""Office"",""value"":""Office Farmington Servers""},{""category"":""Network_Security"",""value"":""Assets""},{""category"":""Office"",""value"":""Farmington""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-06-28T16:41:36.362Z;08b2ad89-422e-4566-be19-71e763a8cfe6;2023-07-13T07:21:29.712Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + blowfish-cbc + cast128-cbc + rijndael-cbc@lysator.liu.se + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + blowfish-cbc + cast128-cbc + rijndael-cbc@lysator.liu.se +";22;TCP;;NONE;3c4e9b78-4d8d-4c8e-bb7d-b0e36e0205f9;Low;RESURFACED +429;Blah90;10.0.0.90;;;Blah90;8786ff4e-52ce-41c0-989c-011ca7a03dfe;Blah90;;00000000-0000-0000-0000-000000000000;Default;Debian 7.0 Linux Kernel 3.2;unknown;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Office"",""value"":""Pune""}]";;;;;;;;;;;;;;;"At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. + +Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014. + +Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.";;FALSE;FALSE;General;;;;;69551;FALSE;FALSE;SSL Certificate Chain Contains RSA Keys Less Than 2048 bits;;2013-09-03T00:00:00Z;2018-11-15T00:00:00Z;1.4;;https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf;Low;Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.;;The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.;REMOTE;FALSE;;;;;;;;;;;;2022-05-09T12:25:22.952Z;08c35ad4-31d8-47fd-972c-c9c3e22bf3b7;2023-07-11T19:25:45.265Z;"' +The following certificates were part of the certificate chain +sent by the remote host, but contain RSA keys that are considered +to be weak : + +|-Subject : C=NL/ST=Zuid-Holland/L=Gouda/O=Siqura/CN=e25dae7fe793ad0bc7f6eb6b03f3b82c/E=sales.nl@tkhsecurity.com +|-RSA Key Length : 1024 bits +";8443;TCP;;NONE;8aad221d-7476-4c0c-a177-0d6498dad745;Low;RESURFACED +21;Blah91;10.0.0.91;fe80:0:0:0:20d:3aff:fe2d:777c;00:0d:3a:2d:77:7c;Blah91;aff0bc8c-07f0-464c-b0f8-867fba4ee075;Blah91;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-orlando-dev""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2023-06-21T12:15:41.648Z;08c4dd28-39e6-4dda-8cda-1c6430eb951a;2023-07-12T12:10:33.866Z;"' +The following running daemons are not managed by RPM : + +/opt/prometheus/exporters/dist/node_exporter-0.17.0.linux-amd64/node_exporter +/opt/rapid7/ir_agent/components/insight_agent/3.3.2.35/ir_agent +";0;TCP;;NONE;a1b10bb5-52cf-4b23-b223-1c3619e0332e;Low;ACTIVE +6;Blah92;10.0.0.92;fe80:0:0:0:20d:3aff:feab:710a;00:0d:3a:ab:71:0a;Blah92;111bf6e4-f320-4717-ab3e-040fe634a1fe;Blah92;;00000000-0000-0000-0000-000000000000;Default;Linux Kernel 3.10.0-1062.9.1.el7.x86_64 on CentOS Linux release 7.7.1908 (Core);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure_OU"",""value"":""PU Delivery""},{""category"":""Azure_CC"",""value"":""MAPS-PU Delivery""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""nds-prod""}]";;;;p-cpe:/a:centos:centos:libgudev1, p-cpe:/a:centos:centos:libgudev1-devel, p-cpe:/a:centos:centos:systemd, p-cpe:/a:centos:centos:systemd-devel, p-cpe:/a:centos:centos:systemd-journal-gateway, p-cpe:/a:centos:centos:systemd-libs, p-cpe:/a:centos:centos:systemd-networkd, p-cpe:/a:centos:centos:systemd-python, p-cpe:/a:centos:centos:systemd-resolved, p-cpe:/a:centos:centos:systemd-sysv, cpe:/o:centos:centos:7;CVE-2019-20386;2.1;CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P;1.6;CVSS2#E:U/RL:OF/RC:C;2.4;CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L;2.1;CVSS:3.0/E:U/RL:O/RC:C;400;"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4007 advisory. + + - systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386) + +Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;141588;FALSE;FALSE;CentOS 7 : systemd (CESA-2020:4007);2020-10-20T00:00:00Z;2020-10-20T00:00:00Z;2020-11-30T00:00:00Z;1.4;CVE=[CVE-2019-20386], CWE=[400], RHSA=[2020:4007];http://www.nessus.org/u?9db51b2f, https://cwe.mitre.org/data/definitions/400.html;Low;Update the affected packages.;;The remote CentOS Linux host is missing a security update.;LOCAL;FALSE;;731;1.4;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.2;2020-01-21T00:00:00Z;2023-07-06T12:03:42.359Z;08c89e00-b93a-4ec9-ae5f-982504476c23;2023-07-12T12:08:41.379Z;"' +Remote package installed : systemd-219-67.el7_7.2 +Should be : systemd-219-78.el7 + +Remote package installed : systemd-libs-219-67.el7_7.2 +Should be : systemd-libs-219-78.el7 + +Remote package installed : systemd-python-219-67.el7_7.2 +Should be : systemd-python-219-78.el7 + +Remote package installed : systemd-sysv-219-67.el7_7.2 +Should be : systemd-sysv-219-78.el7 + + +NOTE: The security advisory associated with this vulnerability has a +fixed package version that may only be available in the continuous +release (CR) repository for CentOS, until it is present in the next +point release of CentOS. + +If an equal or higher package level does not exist in the baseline +repository for your major version of CentOS, then updates from the CR +repository will need to be applied in order to address the +vulnerability. +";0;TCP;;NONE;369a932f-8141-42ac-85cc-645634caebf6;Low;ACTIVE +51;Blah93;10.0.0.93;fe80:0:0:0:6245:bdff:fe9c:fedc;60:45:bd:9c:fe:dc;Blah93;370a8964-96eb-486d-a1b9-2470aac20e30;Blah93;;00000000-0000-0000-0000-000000000000;Default;CentOS Linux 7 (Core);azure-instance;"[{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Owners"",""value"":""hans.vanleijen@tttttttnnnnnn.com},{""category"":""Azure_OU"",""value"":""SERVICE PLATFORM""},{""category"":""Azure"",""value"":""CIT-DSP-Test""},{""category"":""Azure_CC"",""value"":""PP-Device Service Platform""}]";;;;p-cpe:/a:centos:centos:java-1.8.0-openjdk, p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility, p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo, p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel, p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc, p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:centos:centos:java-1.8.0-openjdk-src, cpe:/o:centos:centos:7;CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;192, 330, 400, 770;"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7002 advisory. + + - OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) + + - OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) + + - OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) + + - OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;CentOS Local Security Checks;;;;;166552;FALSE;FALSE;CentOS 7 : java-1.8.0-openjdk (CESA-2022:7002);2022-10-26T00:00:00Z;2022-10-26T00:00:00Z;2023-03-22T00:00:00Z;1.3;CVE=[CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628], CWE=[192, 330, 400, 770], RHSA=[2022:7002];http://www.nessus.org/u?0ce1bb6f;Low;Update the affected packages.;;The remote CentOS Linux host is missing one or more security updates.;LOCAL;FALSE;365;181;1.4;FUNCTIONAL;VERY_HIGH;VERY_LOW;;;No recorded events;2.9;2022-10-17T00:00:00Z;2023-05-22T12:08:54.125Z;08d00ea7-1c6d-4c11-82a7-4a754e0138f6;2023-07-12T12:08:22.033Z;"' +Remote package installed : java-1.8.0-openjdk-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-1.8.0.352.b08-2.el7_9 + +Remote package installed : java-1.8.0-openjdk-headless-1.8.0.262.b10-1.el7 +Should be : java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el7_9 + +";0;TCP;;NONE;f37d04d9-86f3-4c37-abe9-6d904499210e;Low;ACTIVE +237;Blah94;10.0.0.94;;00:0d:3a:ab:1c:14;Blah94;42940d1d-e32d-407b-acab-76cd503f1f23;Blah94;;00000000-0000-0000-0000-000000000000;Default;Microsoft Windows Server 2012 R2 Datacenter 6.3.9600;azure-instance;"[{""category"":""Azure"",""value"":""Connector""},{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure_OU"",""value"":""PU Genesis""},{""category"":""Azure_CC"",""value"":""MAPS-PU Genesis""},{""category"":""Azure_BU"",""value"":""Maps""},{""category"":""Azure"",""value"":""maps-cops-prod""}]";;;70574;cpe:/a:microsoft:ie, cpe:/o:microsoft:windows;CVE-2014-3566;4.3;CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N;3.5;CVSS2#E:POC/RL:TF/RC:C;3.4;CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N;3.1;CVSS:3.0/E:P/RL:O/RC:C;;"The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008. + +If the client registry key workaround has not been applied, any client software installed on the remote host (including IE) is affected by an information disclosure vulnerability when using SSL 3.0. + +If the server registry key workaround has not been applied, any server software installed on the remote host (including IIS) is affected by an information disclosure vulnerability when using SSL 3.0. + +SSL 3.0 uses nondeterministic CBC padding, which allows a man-in-the-middle attacker to decrypt portions of encrypted traffic using a 'padding oracle' attack. This is also known as the 'POODLE' issue.";AVAILABLE;FALSE;FALSE;Windows;;;;;78447;TRUE;FALSE;MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE);;2014-10-15T00:00:00Z;2023-06-23T00:00:00Z;1.28;BUGTRAQ=[70574], CERT=[577193], CVE=[CVE-2014-3566], MSKB=[3009008];https://www.imperialviolet.org/2014/10/14/poodle.html, https://www.openssl.org/~bodo/ssl-poodle.pdf, https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00, https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3009008, https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc, http://www.nessus.org/u?f3bc3182;Medium;Apply the client registry key workaround and the server registry key workaround suggested by Microsoft in the advisory.;;The remote host is affected by a remote information disclosure vulnerability.;LOCAL;FALSE;;731;1.4;PROOF_OF_CONCEPT;VERY_HIGH;VERY_LOW;;;No recorded events;5.3;2014-10-14T00:00:00Z;2022-11-17T14:30:47.528Z;08e107b3-1326-4187-8557-982c53942077;2023-07-12T10:40:34.179Z;"' +The workaround to disable SSL 3.0 for all server software installed on +the remote host has not been applied. + +The workaround to disable SSL 3.0 for all client software installed on +the remote host has not been applied. +";445;TCP;;NONE;0fdce5fe-18b9-4de3-9854-9a686f30fb43;Low;ACTIVE +6;Blah95;10.0.0.95;fe80:0:0:0:20d:3aff:fe24:e25b;00:0d:3a:24:e2:5b;Blah95;3aa91c12-62c3-4eb6-90b4-2b5e0385401c;Blah95;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;p-cpe:/a:alma:linux:java-17-openjdk, p-cpe:/a:alma:linux:java-17-openjdk-demo, p-cpe:/a:alma:linux:java-17-openjdk-demo-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-demo-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-devel, p-cpe:/a:alma:linux:java-17-openjdk-devel-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-devel-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-headless, p-cpe:/a:alma:linux:java-17-openjdk-headless-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-headless-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-javadoc, p-cpe:/a:alma:linux:java-17-openjdk-javadoc-zip, p-cpe:/a:alma:linux:java-17-openjdk-jmods, p-cpe:/a:alma:linux:java-17-openjdk-jmods-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-jmods-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-src, p-cpe:/a:alma:linux:java-17-openjdk-src-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-src-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-static-libs, p-cpe:/a:alma:linux:java-17-openjdk-static-libs-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-static-libs-slowdebug, cpe:/o:alma:linux:8, cpe:/o:alma:linux:8::appstream, cpe:/o:alma:linux:8::powertools;CVE-2023-21835, CVE-2023-21843;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;400, 646;"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0192 advisory. + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; + Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21835) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21843) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Alma Linux Local Security Checks;2023-A-0042;;I;;170147;FALSE;FALSE;AlmaLinux 8 : java-17-openjdk (ALSA-2023:0192);2023-01-18T00:00:00Z;2023-01-18T00:00:00Z;2023-01-20T00:00:00Z;1.1;CVE=[CVE-2023-21835, CVE-2023-21843], CWE=[400, 646], IAVA=[2023-A-0042];https://errata.almalinux.org/8/ALSA-2023-0192.html;Low;Update the affected packages.;I;The remote AlmaLinux host is missing one or more security updates.;LOCAL;FALSE;180;61;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2023-01-17T00:00:00Z;2023-07-06T12:11:01.913Z;08efb986-b604-42e0-9543-bce771900dac;2023-07-12T12:00:32.955Z;"' +Remote package installed : java-17-openjdk-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-17.0.6.0.10-3.el8_7 + +Remote package installed : java-17-openjdk-devel-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-devel-17.0.6.0.10-3.el8_7 + +Remote package installed : java-17-openjdk-headless-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-headless-17.0.6.0.10-3.el8_7 + +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +202;Blah96;10.0.0.96;2a02:a210:9b41:680:6bc6:15be:d57d:861f;02:42:09:13:d5:b2;Blah96;ac70d433-4812-4b7a-9d0a-f016fa0bd683;Blah96;;00000000-0000-0000-0000-000000000000;Default;Ubuntu 20.04.4 LTS (Focal Fossa);general-purpose;"[{""category"":""Endpoints"",""value"":""all""},{""category"":""Endpoints"",""value"":""Linux""}]";;;;;;2.1;CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N;;;3.1;CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N;;;;"Some daemon processes on the remote host are associated with programs that have been installed manually. + +System administration best practice dictates that an operating system's native package management tools be used to manage software installation, updates, and removal whenever possible.";;FALSE;FALSE;Misc.;;;;;33851;FALSE;FALSE;Network daemons not managed by the package system;;2008-08-08T00:00:00Z;2022-12-21T00:00:00Z;1.24;;;Low;"Use packages supplied by the operating system vendor whenever possible. + +And make sure that manual software installation agrees with your organization's acceptable use and security policies.";;Some daemon processes on the remote host are associated with programs that have been installed manually.;LOCAL;FALSE;;;;;;;;;;;;2022-12-23T00:52:39.710Z;08f07543-201c-42c6-af32-436243b3095e;2023-07-13T00:05:30.201Z;"' +The following running daemons are not managed by dpkg : + +/home/ucar/.config/bluejeans-v2/BluejeansHelper +/home/ucar/prg/clion-2021.2.2/jbr/bin/java +/snap/code/132/usr/share/code/code +/usr/sbin/vmware-authdlauncher +";0;TCP;;NONE;18ce976c-e315-475e-90a7-54f3234823d0;Low;ACTIVE +429;Blah97;10.0.0.97;;;Blah97;165ac59b-4ee1-4bd0-acf9-2d8fe7f0a5a7;Blah97;;00000000-0000-0000-0000-000000000000;Default;CISCO IOS 12.2, CISCO IOS 15.0;router;"[{""category"":""Office"",""value"":""Eindhoven""}]";;;;;;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;;;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N;;;;"The remote SSH server is configured to allow key exchange algorithms which are considered weak. + +This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes: + + diffie-hellman-group-exchange-sha1 + + diffie-hellman-group1-sha1 + + gss-gex-sha1-* + + gss-group1-sha1-* + + gss-group14-sha1-* + + rsa1024-sha1 + +Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.";;FALSE;FALSE;Misc.;;;;;153953;FALSE;FALSE;SSH Weak Key Exchange Algorithms Enabled;;2021-10-13T00:00:00Z;2021-10-13T00:00:00Z;1.2;;http://www.nessus.org/u?b02d91cd, https://datatracker.ietf.org/doc/html/rfc8732;Low;Contact the vendor or consult product documentation to disable the weak algorithms.;;The remote SSH server is configured to allow weak key exchange algorithms.;REMOTE;FALSE;;;;;;;;;;;;2022-05-09T10:04:40.921Z;09030cb6-b5a7-4c82-af35-f4730b7190a8;2023-07-10T11:38:40.994Z;"' +The following weak key exchange algorithms are enabled : + + diffie-hellman-group-exchange-sha1 +";22;TCP;;NONE;06f8d74d-94b0-4a80-b581-fc3c273cc695;Low;RESURFACED +6;Blah98;10.0.0.98;fe80:0:0:0:20d:3aff:feaa:bea9;00:0d:3a:aa:be:a9;Blah98;3fa5bb77-0b97-4525-a7f1-52451ca1c4f7;Blah98;;81b1923f-e771-4a14-8ea9-eed2948851aa;LicensedVMs;AlmaLinux 8.6 (Sky Tiger);azure-instance;"[{""category"":""Azure"",""value"":""Connector+Scanned""},{""category"":""Azure"",""value"":""Connector""},{""category"":""Owners"",""value"":""tti-lt-subscription-owners@groups.tomtom.com""},{""category"":""Azure_BU"",""value"":""Platform Products""},{""category"":""Azure_OU"",""value"":""TTI""},{""category"":""Azure_CC"",""value"":""PP-Traffic""},{""category"":""Azure"",""value"":""tti-lt-prod""}]";;;;p-cpe:/a:alma:linux:java-17-openjdk, p-cpe:/a:alma:linux:java-17-openjdk-demo, p-cpe:/a:alma:linux:java-17-openjdk-demo-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-demo-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-devel, p-cpe:/a:alma:linux:java-17-openjdk-devel-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-devel-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-headless, p-cpe:/a:alma:linux:java-17-openjdk-headless-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-headless-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-javadoc, p-cpe:/a:alma:linux:java-17-openjdk-javadoc-zip, p-cpe:/a:alma:linux:java-17-openjdk-jmods, p-cpe:/a:alma:linux:java-17-openjdk-jmods-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-jmods-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-src, p-cpe:/a:alma:linux:java-17-openjdk-src-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-src-slowdebug, p-cpe:/a:alma:linux:java-17-openjdk-static-libs, p-cpe:/a:alma:linux:java-17-openjdk-static-libs-fastdebug, p-cpe:/a:alma:linux:java-17-openjdk-static-libs-slowdebug, cpe:/o:alma:linux:8, cpe:/o:alma:linux:8::appstream, cpe:/o:alma:linux:8::powertools;CVE-2023-21835, CVE-2023-21843;2.6;CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;3.7;CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N;3.2;CVSS:3.0/E:U/RL:O/RC:C;400, 646;"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0192 advisory. + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; + Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21835) + + - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-21843) + +Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.";NOT_AVAILABLE;FALSE;FALSE;Alma Linux Local Security Checks;2023-A-0042;;I;;170147;FALSE;FALSE;AlmaLinux 8 : java-17-openjdk (ALSA-2023:0192);2023-01-18T00:00:00Z;2023-01-18T00:00:00Z;2023-01-20T00:00:00Z;1.1;CVE=[CVE-2023-21835, CVE-2023-21843], CWE=[400, 646], IAVA=[2023-A-0042];https://errata.almalinux.org/8/ALSA-2023-0192.html;Low;Update the affected packages.;I;The remote AlmaLinux host is missing one or more security updates.;LOCAL;FALSE;180;61;1.4;UNPROVEN;MEDIUM;VERY_LOW;;;No recorded events;1.4;2023-01-17T00:00:00Z;2023-07-06T12:03:13.709Z;093b76a0-e0b2-4cbe-b1cc-d0c3e94478a3;2023-07-12T11:54:37.716Z;"' +Remote package installed : java-17-openjdk-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-17.0.6.0.10-3.el8_7 + +Remote package installed : java-17-openjdk-devel-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-devel-17.0.6.0.10-3.el8_7 + +Remote package installed : java-17-openjdk-headless-17.0.5.0.8-2.el8_6 +Should be : java-17-openjdk-headless-17.0.6.0.10-3.el8_7 + +";0;TCP;;NONE;12fe8132-d877-41c8-bbb8-be9479d3c940;Low;ACTIVE +429;Blah99;10.0.0.99;;;Blah99;054c8a6b-662f-4cb9-b087-6853b7bcd99c;Blah99;;00000000-0000-0000-0000-000000000000;Default;CISCO IOS 12, CISCO PIX, Cisco IOS XE, CISCO IOS 15;router;"[{""category"":""Office"",""value"":""pune2""},{""category"":""Office"",""value"":""Pune""}]";;;32319;;CVE-2008-5161;2.6;CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N;1.9;CVSS2#E:U/RL:OF/RC:C;;;;;200;"The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. + +Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.";NOT_AVAILABLE;FALSE;FALSE;Misc.;;;;;70658;FALSE;FALSE;SSH Server CBC Mode Ciphers Enabled;;2013-10-28T00:00:00Z;2018-07-30T00:00:00Z;1.4;BUGTRAQ=[32319], CERT=[958563], CVE=[CVE-2008-5161], CWE=[200];;Low;Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.;;The SSH server is configured to use Cipher Block Chaining.;REMOTE;FALSE;;731;2.5;UNPROVEN;HIGH;VERY_LOW;;;No recorded events;2.5;2008-11-24T00:00:00Z;2022-05-09T12:45:55.100Z;09417309-dab6-48d2-bde4-9f1600454382;2023-07-11T19:42:24.202Z;"' +The following client-to-server Cipher Block Chaining (CBC) algorithms +are supported : + + aes256-cbc + +The following server-to-client Cipher Block Chaining (CBC) algorithms +are supported : + + aes256-cbc +";22;TCP;;NONE;2e2616c4-73be-4a5f-8462-0363fd979993;Low;RESURFACED \ No newline at end of file diff --git a/unittests/tools/test_tenable_parser.py b/unittests/tools/test_tenable_parser.py index 44ea5fb5945..b79c48c3d76 100644 --- a/unittests/tools/test_tenable_parser.py +++ b/unittests/tools/test_tenable_parser.py @@ -278,6 +278,17 @@ def test_parse_issue_6992(self): self.assertEqual(1, len(findings)) self.assertEqual("High", findings[0].severity) + def test_parse_nessus_new(self): + testfile = open("unittests/scans/tenable/nessus/nessus_new.csv") + parser = TenableParser() + findings = parser.get_findings(testfile, self.create_test()) + self.assertEqual(99, len(findings)) + finding = findings[0] + self.assertEqual("Blah1", finding.unsaved_endpoints[0].host) + self.assertEqual("Blah1", finding.title) + self.assertEqual("Low", finding.severity) + self.assertEqual("3.1", finding.cvssv3_score) + def test_parse_issue_9612(self): testfile = open("unittests/scans/tenable/issue_9612.csv") parser = TenableParser()