Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory.

  - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet     side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending     highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As     a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but     there is no workaround to protect Eventlet process. (CVE-2021-21419)

  - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling     the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute     allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS     code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
    (CVE-2021-28957)

  - Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path     traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1,     especially if a user-provided locale string is directly used to switch moment locale. This problem is     patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the     user-provided locale name before passing it to Moment.js. (CVE-2022-24785)

  - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected     versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date     parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2)     complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k     characters. Users who pass user-provided strings without sanity length checks to moment constructor are     vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected     versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider     limiting date lengths accepted from user input. (CVE-2022-31129)

  - A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an     insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check     if an IP address is invalid before making DBS requests allowing rebinding attacks. (CVE-2022-32212)

  - In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands     discovered in the system mailcap file. This may allow attackers to inject shell commands into applications     that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or     arguments). The fix is also back-ported to 3.7, 3.8, 3.9 (CVE-2015-20107)

  - There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker     who is able to supply a crafted file to be processed by an application linked with the affected     functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to     application availability, with some potential impact to confidentiality and integrity if an attacker is     able to use memory information to further exploit the application. (CVE-2021-3517)

  - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while     parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery     mode and post-validated, the flaw could be used to crash the application. The highest threat from this     vulnerability is to system availability. (CVE-2021-3537)

  - There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to     be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact     from this flaw is to confidentiality, integrity, and availability. (CVE-2021-3518)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Aruba ClearPass Policy Manager installed on the remote host is prior or equal to 6.7, 6.8.9-HF2, 6.9.9, 6.10.4. It is, therefore, affected by multiple vulnerabilities as referenced in the ARUBA-PSA-2022-007 advisory.

    - An information disclosure vulnerability exists in the web-based management interface of ClearPass Policy Manager.
    An authenticated, remote attacker can exploit this to disclose potentially sensitive information. (CVE-2022-23670)

    - A denial of service (DoS) vulnerability exists in the Python Eventlet library used by ClearPass Policy Manager. An     unauthenticated, remote attacker can exploit this issue, via WebSocket peer to exhaust memory reserved by Eventlet     inside of ClearPass Policy Manager, to cause the process to stop responding. (CVE-2021-21419)

    - A denial of service (DoS) vulnerability exists in Python Urllib library used by ClearPass Policy Manager. An     authenticated, remote attacker can exploit this issue, via the web-based management, to cause the application to     stop responding. (CVE-2021-33503)

    - An authentication bypass vulnerability exists in web-based management interface of ClearPass Policy Manager. An     unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary actions with root     privileges. (CVE-2022-23657, CVE-2022-23658, CVE-2022-23660)

    - A reflected cross-site scripting (XSS) vulnerability exists in the web-based management interface of ClearPass     Policy Manager due to improper validation of user-supplied input before returning it to users. An authenticated,     remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script     code in a user's browser session. (CVE-2022-23659)

    - A command injection vulnerability exists in the ClearPass Policy Manager command line interface. An authenticated,     remote attacker can exploit this to execute arbitrary commands. (CVE-2022-23661, CVE-2022-23662)

    - A command injection vulnerability exists in the ClearPass Policy Manager web-based management interface. An     authenticated, remote attacker can exploit this to execute arbitrary commands. (CVE-2022-23663, CVE-2022-23664,     CVE-2022-23666, CVE-2022-23672, CVE-2022-23673)

    - A command injection vulnerability exists in Aruba ClearPass Policy Manager. An authenticated, remote attacker can     exploit this to execute arbitrary commands. (CVE-2022-23665)

    - A command injection vulnerability exists in the ClearPass Policy Manager command line interface. An authenticated,     remote attacker can exploit this to execute arbitrary commands. (CVE-2022-23667)

    - A Server Side Request Forgery (SSRF) vulnerability exists in the web-based management interface of ClearPass Policy     Manager due to improper validation of session & user-accessible input data. The insecure processing of the input by     the vulnerable application server allows an unauthenticated, remote attacker the ability to exploit this by sending a     specially crafted message to the server to create a trusted remote session with a malicious external target.
    (CVE-2022-23668)

    - An authentication bypass vulnerability exists in ClearPass Policy Manager due to the handling of SAML token expiration.
    An authenticated, remote attacker can exploit this, via possession of a valid token to reuse the token after session     expiration, to bypass authentication and execute arbitrary actions with user privileges. (CVE-2022-23669)

    - An information disclosure vulnerability exists in ClearPass Policy Manager cluster network position. An authenticated,     remote attacker can exploit this to disclose potentially sensitive information. (CVE-2022-23671)

    - A authenticated stored cross-site scripting (XSS) vulnerability exists in the web-based management interface of ClearPass     Policy Manager due to improper validation of user-supplied input before returning it to users. An authenticated,     remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code     in a user's browser session. (CVE-2022-23674, CVE-2022-23675)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:5071 advisory.

    Eventlet is a networking library written in Python. It achieves high     scalability by using non-blocking io while at the same time retaining high     programmer usability by using coroutines to make the non-blocking io     operations appear blocking at the source code     level.

    Security Fix(es):

    * improper handling of highly compressed data and memory allocation with     excessive size allows DoS (CVE-2021-21419)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2437 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.2. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2021:2438

    Security Fix(es):

    * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

    * golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)

    * openshift: Injected service-ca.crt incorrectly contains additional internal CAs (CVE-2021-3636)

    * python-eventlet: improper handling of highly compressed data and memory allocation with excessive size     allows DoS (CVE-2021-21419)

    * jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin     (CVE-2021-21623)

    * jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin (CVE-2021-21648)

    * kubernetes: Validating Admission Webhook does not observe some previous fields (CVE-2021-25735)

    * jenkins: lack of type validation in agent related REST API (CVE-2021-21639)

    * jenkins: view name validation bypass (CVE-2021-21640)

    * kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack (CVE-2021-25737)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-     minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4956-1 advisory.

    It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this     issue to cause a denial of service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194924	Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)	Nessus	CGI abuses	high
161701	Aruba ClearPass Policy Manager <= 6.x.x < 6.8.9-HF2 / 6.9.x < 6.9.9 / 6.10.x < 6.10.4 Multiple Vulnerabilities	Nessus	Misc.	critical
156003	RHEL 8 : Red Hat OpenStack Platform 16.1 (python-eventlet) (RHSA-2021:5071)	Nessus	Red Hat Local Security Checks	medium
152103	RHEL 7 / 8 : OpenShift Container Platform 4.8.2 (RHSA-2021:2437)	Nessus	Red Hat Local Security Checks	high
149520	Ubuntu 20.04 LTS : Eventlet vulnerability (USN-4956-1)	Nessus	Ubuntu Local Security Checks	medium

Detections

Analytics

CVE-2021-21419

medium

Tenable Plugins

high

critical

medium

high

medium