RHCOS 2 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)

critical Nessus Plugin ID 312023

Language:

Synopsis

The remote Red Hat CoreOS host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1773 advisory.

- CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix (CVE-2014-3577)

- apache-commons-collections: InvokerTransformer code execution during deserialisation (CVE-2015-7501)

- jenkins: Remote code execution vulnerability in remoting module (SECURITY-232) (CVE-2016-0788)

- jenkins: HTTP response splitting vulnerability (SECURITY-238) (CVE-2016-0789)

- jenkins: Non-constant time comparison of API token (SECURITY-241) (CVE-2016-0790)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 312023

File Name: rhcos-RHSA-2016-1773.nasl

Version: 1.2

Type: Local

Agent: unix

Family: Red Hat Local Security Checks

Published: 5/4/2026

Updated: 5/5/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-0788

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2016-0791

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-frontend-haproxy-sni-proxy, p-cpe:/a:redhat:enterprise_linux:libcgroup-pam, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-cron, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-client, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins, p-cpe:/a:redhat:enterprise_linux:imagemagick-devel, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node, p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-routing-daemon, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbosseap, p-cpe:/a:redhat:enterprise_linux:jenkins, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-nodejs, p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-util, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbossews, p-cpe:/a:redhat:enterprise_linux:rhc, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mysql, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mongodb, p-cpe:/a:redhat:enterprise_linux:imagemagick, p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-proxy, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-admin-console, p-cpe:/a:redhat:enterprise_linux:imagemagick-perl, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-python, p-cpe:/a:redhat:enterprise_linux:imagemagick-doc, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-diy, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-perl, p-cpe:/a:redhat:enterprise_linux:openshift-origin-msg-node-mcollective, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-php, p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby, p-cpe:/a:redhat:enterprise_linux:activemq-client, p-cpe:/a:redhat:enterprise_linux:libcgroup, cpe:/o:redhat:enterprise_linux:6:coreos, p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-msg-broker-mcollective, p-cpe:/a:redhat:enterprise_linux:activemq

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/24/2016

Vulnerability Publication Date: 8/12/2014

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Jenkins XStream Groovy classpath Deserialization Vulnerability)

Reference Information

CVE: CVE-2014-3577, CVE-2015-7501, CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792, CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727

CWE: 284, 297

RHSA: 2016:1773

Detections

Analytics

RHCOS 2 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)

critical Nessus Plugin ID 312023

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

Vendor

CVSS v2

CVSS v3

Vulnerability Information

Exploitable With

Reference Information