 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.883332 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS: Security Advisory for pki-base (CESA-2021:0851) |
| Resumen: | The remote host is missing an update for the 'pki-base'; package(s) announced via the CESA-2021:0851 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'pki-base' package(s) announced via the CESA-2021:0851 advisory. Vulnerability Insight: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * pki-core: Unprivileged users can renew any certificate (CVE-2021-20179) * pki-core: XSS in the certificate search results (CVE-2020-25715) * pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146) * pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179) * pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221) * pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Add KRA Transport and Storage Certificates profiles, audit for IPA (BZ#1883639) Affected Software/OS: 'pki-base' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-10146 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10146 Common Vulnerability Exposure (CVE) ID: CVE-2019-10179 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10179 Common Vulnerability Exposure (CVE) ID: CVE-2019-10221 Common Vulnerability Exposure (CVE) ID: CVE-2020-1721 https://bugzilla.redhat.com/show_bug.cgi?id=1777579 Common Vulnerability Exposure (CVE) ID: CVE-2020-25715 https://bugzilla.redhat.com/show_bug.cgi?id=1891016 Common Vulnerability Exposure (CVE) ID: CVE-2021-20179 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/ https://bugzilla.redhat.com/show_bug.cgi?id=1914379 https://github.com/dogtagpki/pki/pull/3474 https://github.com/dogtagpki/pki/pull/3475 https://github.com/dogtagpki/pki/pull/3476 https://github.com/dogtagpki/pki/pull/3477 https://github.com/dogtagpki/pki/pull/3478 |
| Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |