URL: https://www.tenable.com/plugins/nessus/201786

CBL MARINER 2.0 SECURITY UPDATE: PYTHON-REQUESTS (CVE-2024-35195)

MEDIUM NESSUS PLUGIN ID 201786

SYNOPSIS

The remote CBL Mariner host is missing one or more security updates.


DESCRIPTION

The version of python-requests installed on the remote CBL Mariner 2.0 host is
prior to the tested version. It is, therefore, affected by a vulnerability as
referenced in the CVE-2024-35195 advisory.

- Requests is an HTTP library. Prior to 2.32.0, when making requests through a
Requests `Session`, if the first request is made with `verify=False` to disable
cert verification, all subsequent requests to the same host will continue to
ignore cert verification regardless of changes to the value of `verify`. This
behavior will continue for the lifecycle of the connection in the connection
pool. This vulnerability is fixed in 2.32.0. (CVE-2024-35195)

Note that Nessus has not tested for this issue but has instead relied only on
the application's self-reported version number.


SOLUTION

Update the affected packages.


SEE ALSO

https://nvd.nist.gov/vuln/detail/CVE-2024-35195

PLUGIN DETAILS

Severity: Medium

ID: 201786

File Name: mariner_CVE-2024-35195.nasl

Version: 1.1

Type: local

Family: MarinerOS Local Security Checks

Published: 7/3/2024

Updated: 7/3/2024





Supported Sensors: Nessus



RISK INFORMATION



VPR

Risk Factor: Medium

Score: 5.2

CVSS V2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:N



CVSS Score Source: CVE-2024-35195

CVSS V3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C



VULNERABILITY INFORMATION

CPE: p-cpe:/a:microsoft:cbl-mariner:python3-requests,
x-cpe:/o:microsoft:cbl-mariner

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/CBLMariner/release,
Host/CBLMariner/rpm-list



Exploit Ease: No known exploits are available



Patch Publication Date: 7/1/2024

Vulnerability Publication Date: 5/20/2024



REFERENCE INFORMATION

CVE: CVE-2024-35195

