RHEL 7 : rh-eclipse (RHSA-2020:5168)

high Nessus Plugin ID 143213

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5168 advisory.

- jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/CVE-2020-27216

https://access.redhat.com/errata/RHSA-2020:5168

https://bugzilla.redhat.com/1891132

Plugin Details

Severity: High

ID: 143213

File Name: redhat-RHSA-2020-5168.nasl

Version: 1.10

Type: local

Agent: unix

Published: 11/24/2020

Updated: 2/8/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Agentless Assessment, Frictionless Assessment Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-27216

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-eclipse, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-antlr, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-bcel, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-bsf, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-log4j, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-oro, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-regexp, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-resolver, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-apache-xalan2, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-commons-logging, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-commons-net, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-imageio, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-javamail, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jdepend, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jmf, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-jsch, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-junit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-junit5, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-lib, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-manual, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-swing, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-testutil, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ant-xz, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-java, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-maven-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-antlr32-tool, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apache-sshd, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apache-sshd-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apiguardian, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-apiguardian-javadoc, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-args4j-parent, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-css, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-demo, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-rasterizer, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-slideshow, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-squiggle, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-svgpp, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-ttf2svg, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-batik-util, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-mail, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-pg, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-pkix, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-bouncycastle-tls, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-cbi-plugins, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-cbi-plugins-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-decentxml, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-decentxml-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ecj, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-contributor-tools, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-core, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-runtime, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-ecf-sdk, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-egit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-core, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-runtime, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-sdk, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-emf-xsd, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-equinox-osgi, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-gef, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-gef-sdk, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-jdt, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-jgit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license1, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-license2, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-core, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-workspace, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-m2e-workspace-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-mpc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-p2-discovery, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-pde, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-platform, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-pydev, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-subclipse, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-swt, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-common, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-servertools, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-eclipse-webtools-sourceediting, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ed25519-java, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-command, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-command-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-parent, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-runtime, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-runtime-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-shell, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-gogo-shell-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-scr, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-felix-scr-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaewah, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaewah-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaparser, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-javaparser-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jchardet, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jchardet-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jctools, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jctools-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-client, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-continuation, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-http, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-io, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-jaas, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-jmx, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-security, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-server, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-servlet, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-util, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-webapp, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jetty-xml, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jffi-native, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jgit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jgit-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna-contrib, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jna-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-constants, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-constants-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-ffi, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-ffi-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-netdb, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-netdb-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-posix, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-posix-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-x86asm, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jnr-x86asm-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-server, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-connector-factory, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-core, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-jsch, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-pageant, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-sshagent, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-trilead-ssh2, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-usocket-jna, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jsch-agent-proxy-usocket-nc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5-guide, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-junit5-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython-demo, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jython-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib-demo, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-jzlib-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-analysis, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-analyzers-smartcn, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-backward-codecs, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-classification, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-codecs, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-grouping, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-highlighter, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-join, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-memory, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-misc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-monitor, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-queries, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-queryparser, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-sandbox, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-lucene-suggest, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-catalog, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-common, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-descriptor, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-packaging, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-archetype-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-indexer, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-maven-indexer-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-netty, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-objectweb-asm, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-objectweb-asm-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-opentest4j, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-opentest4j-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-os-maven-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-os-maven-plugin-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-runtime, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sac, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sac-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sat4j, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-scldevel, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sequence-library, 
p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sequence-library-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sqljet, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-sqljet-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-stringtemplate, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-stringtemplate-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-cli, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-svnkit-javahl, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-atom, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-common, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-maven-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-translate-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-takari-polyglot-xml, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-trilead-ssh2, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-trilead-ssh2-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-tycho, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-tycho-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-univocity-parsers, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-univocity-parsers-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ws-commons-util, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-ws-commons-util-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xml-maven-plugin, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xml-maven-plugin-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlgraphics-commons, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlgraphics-commons-javadoc, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-client, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-common, p-cpe:/a:redhat:enterprise_linux:rh-eclipse-xmlrpc-javadoc

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/23/2020

Vulnerability Publication Date: 10/23/2020

Reference Information

CVE: CVE-2020-27216

CWE: 377

RHSA: 2020:5168