RHEL 7 : rh-eclipse (RHSA-2020:5168)

high Nessus Plugin ID 143213

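Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability referenced in the RHSA-2020:5168 advisory.

- jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also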

http://www.nessus.org/u?b7b1481e

http://www.nessus.org/u?f7852957

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2020:5168

https://bugzilla.redhat.com/show_bug.cgi?id=1891132

https://issues.redhat.com/browse/RHECLIPSE-311

Plugin Details

Severity: High

ID: 143213

File Name: redhat-RHSA-2020-5168.nasl

Version: 1.12

Type: local

Agent: unix

Published: 2020/11/24

Updated: 2024/11/7

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-27216

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xml-maven-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-jaas, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sequence-library-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-swt, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-opentest4j-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-common, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-maven-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-svgpp, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-resolver, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-sandbox, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-commons-logging, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-junit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-oro, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-pkix, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-jsch, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ws-commons-util, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-runtime, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ed25519-java, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apiguardian-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-tycho-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-sourceediting, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-analyzers-smartcn, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-decentxml, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-core, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-grouping, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-os-maven-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-runtime, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-slideshow, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-demo, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sequence-library, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-scr, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jgit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-continuation, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jdepend, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-javamail, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-runtime-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-indexer-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-common, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-server, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-packaging, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license2, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jgit-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5-guide, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-workspace-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-posix-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-classification, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-connector-factory, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-core, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-opentest4j, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-manual, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-maven-plugin, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-antlr, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sqljet-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-cbi-plugins, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-xsd, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-queries, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-cbi-plugins-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlgraphics-commons-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-platform, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-common, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-translate-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-log4j, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-bcel, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-ffi, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sat4j, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-rasterizer, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xml-maven-plugin-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-jgit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-xml, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-common, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaewah, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-squiggle, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-x86asm-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jsch, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-tool, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ecj, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-server, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-ttf2svg, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaewah-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-bsf, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-swing, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-jdt, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-os-maven-plugin-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-shell-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-constants, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-objectweb-asm-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-imageio, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apache-sshd, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi-native, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-trilead-ssh2, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-highlighter, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-util, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-runtime, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlgraphics-commons, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-egit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license1, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-pydev, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-codecs, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-command, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-memory, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-xalan2, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-cli, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib-demo, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-atom, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-core, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna-contrib, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaparser-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-posix, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-analysis, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apache-sshd-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-x86asm, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-scr-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-stringtemplate, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-shell, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-usocket-jna, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-descriptor, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-sshagent, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-lib, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-testutil, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-io, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-p2-discovery, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-client, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-util, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-command-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-jmx, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-univocity-parsers, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-netdb-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-stringtemplate-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-css, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-misc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sqljet, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-tls, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-security, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j-parent, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-usocket-nc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython-demo, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sac-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jmf, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-ffi-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-decentxml-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-servertools, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-http, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-regexp, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-trilead-ssh2, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaparser, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-contributor-tools, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jchardet, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-sdk, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-scldevel, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-mail, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-queryparser, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-constants-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-xml, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-tycho, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-indexer, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-backward-codecs, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-xz, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-suggest, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-mpc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-commons-net, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-monitor, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apiguardian, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-univocity-parsers-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-sdk, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jctools, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-java, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-pde, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jchardet-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-gef-sdk, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-servlet, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-client, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-parent, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-trilead-ssh2-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ws-commons-util-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-javahl, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-pageant, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sac, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-catalog, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-junit5, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-core, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-pg, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-subclipse, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-netdb, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-objectweb-asm, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-gef, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-webapp, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-equinox-osgi, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-workspace, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-join, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jctools-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-netty, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-runtime

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2020/11/23

Vulnerability Publication Date: 2020/10/23

Reference Information

CVE: CVE-2020-27216

CWE: 377

RHSA: 2020:5168