The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory.

  - The go command may execute arbitrary code at build time when using cgo. This may occur when running go     get on a malicious module, or when running any other command which builds untrusted code. This is can by     triggered by linker flags, specified via a #cgo LDFLAGS directive. Flags containing embedded spaces are     mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in     the argument of another flag. This only affects usage of the gccgo compiler. (CVE-2023-29405)

  - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by     finalizing the operation with a rename from a temporary name to the final target file name.In that rename     operation, it might accidentally *widen* the permissions for the target file, leaving the updated file     accessible to more users than intended. (CVE-2022-32207)

  - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. (CVE-2022-38900)

  - The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
    (CVE-2022-33987)

  - Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the     name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3. (CVE-2022-37601)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of curl installed on the remote host is prior to 7.79.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1875 advisory.

    A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive     amounts of `Set-Cookie:` headers in an HTTP response to curl, which stores all of them. This flaw leads to     a denial of service, either by mistake or by a malicious actor. (CVE-2022-32205)

    A vulnerability was found in curl. This issue occurs because the number of acceptable links in the     decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of     compression steps. This flaw leads to a denial of service, either by mistake or by a malicious actor.
    (CVE-2022-32206)

    A vulnerability was found in curl. This issue occurs because when curl saves cookies, alt-svc, and HSTS     data to local files, it makes the operation atomic by finalizing the process with a rename from a     temporary name to the final target file name. This flaw leads to unpreserved file permissions, either by     mistake or by a malicious actor. (CVE-2022-32207)

    A vulnerability was found in curl. This issue occurs because it mishandles message verification failures     when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack     to go unnoticed and allows data injection into the client. (CVE-2022-32208)

    A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies     from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when     cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the     server to return a 400 response. This issue effectively allows a sister site to deny service to siblings     and cause a denial of service attack. (CVE-2022-35252)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control     codes that when later are sent back to a HTTPserver might make the server return 400 responses.
    Effectively allowing a'sister site' to deny service to all siblings. (CVE-2022-35252)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

  - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control     codes that when later are sent back to a HTTPserver might make the server return 400 responses.
    Effectively allowing a'sister site' to deny service to all siblings. (CVE-2022-35252)

  - curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-     HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and     then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often     only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200     status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in     curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap,     ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. (CVE-2022-42915)

  - In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS     support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step)     even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL     uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using     the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.).
    The earliest affected version is 7.77.0 2021-05-26. (CVE-2022-42916)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3005-1 advisory.

  - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control     codes that when later are sent back to a HTTPserver might make the server return 400 responses.
    Effectively allowing asister site to deny service to all siblings. (CVE-2022-35252)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
194928	Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)	Nessus	CGI abuses	5/2/2024	7/29/2024	critical
167236	Amazon Linux 2 : curl (ALAS-2022-1875)	Nessus	Amazon Linux Local Security Checks	11/9/2022	12/11/2024	critical
168986	EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2840)	Nessus	Huawei Local Security Checks	12/21/2022	9/12/2023	low
168995	EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2815)	Nessus	Huawei Local Security Checks	12/21/2022	9/12/2023	low
169532	EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-1005)	Nessus	Huawei Local Security Checks	1/5/2023	9/11/2023	critical
164668	SUSE SLES12 Security Update : curl (SUSE-SU-2022:3005-1)	Nessus	SuSE Local Security Checks	9/3/2022	7/14/2023	low

Detections

Analytics

Plugins Search

critical

critical

low

low

critical

low