Test Kennung:	1.3.6.1.4.1.25623.1.0.892178
Kategorie:	Debian Local Security Checks
Titel:	Debian LTS: Security Advisory for awl (DLA-2178-1)
Zusammenfassung:	The remote host is missing an update for the 'awl'; package(s) announced via the DLA-2178-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'awl' package(s) announced via the DLA-2178-1 advisory. Vulnerability Insight: Following CVEs were reported against the awl source package: CVE-2020-11728 An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session. CVE-2020-11729 An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful. Affected Software/OS: 'awl' package(s) on Debian Linux. Solution: For Debian 8 'Jessie', these problems have been fixed in version 0.55-1+deb8u1. We recommend that you upgrade your awl packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-11728 Common Vulnerability Exposure (CVE) ID: CVE-2020-11729
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.