How to check if a RHEL system is vulnerable to a CVE

As a system administrator, one of your most critical tasks is keeping your systems secure. Publicly disclosed vulnerabilities are exploited quickly, often within days of disclosure, so you need to know which published vulnerabilities affect the software you run and confirm that the fix is actually installed.
This guide shows how to check whether a RHEL system is vulnerable to a given CVE, and what to do about it.

What is a CVE?

Before we dig in, let's explain what a CVE is.

CVE stands for Common Vulnerabilities and Exposures. A CVE is a publicly known vulnerability that has been assigned a unique identifier of the form CVE-YYYY-NNNN (for example CVE-2022-22720). You can look up its details on the NVD (National Vulnerability Database) website, and for Red Hat packages on the Red Hat CVE database.

Step-by-Step Guide

Here are the steps to check if your RHEL system is vulnerable to a CVE:

Step 1: Identification

Before checking whether your system is vulnerable, you need the exact CVE identifier. As mentioned above, you can find it and its details on the NVD website; the Red Hat advisory for the CVE will also tell you which RHEL versions and packages are affected.

Step 2: Check the version of RHEL

Once you have the CVE identifier, check which RHEL release your system is running, so you can compare it against the affected versions listed in the advisory. Run the following command in the terminal:

# cat /etc/redhat-release

This command displays the RHEL release your system is running (for example "Red Hat Enterprise Linux release 8.6 (Ootpa)"). Note that the RHEL release alone does not tell you whether a given package is patched, because Red Hat backports security fixes into the existing package version rather than shipping the upstream version that fixed the bug.

Step 3: Check for the vulnerability

After identifying the CVE and checking the RHEL release, you need to check whether the installed package contains the fix.
Because fixes are backported, you cannot simply compare the package version with the upstream "fixed in" version. Instead, use the rpm command to search the changelog of the installed package for the CVE identifier: Red Hat records the CVE number in the changelog entry of the update that fixed it.

Syntax:

# rpm -q --changelog [package-name] | grep [CVE-NUMBER]

For example, to see whether the fix for CVE-2022-22720 has been applied to the Apache httpd package, run the following command:

[root@RHEL ~]# rpm -q --changelog httpd | grep CVE-2022-22720
- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling

If the CVE identifier appears in the output, the installed httpd package has been patched against that vulnerability: each rpm package carries a changelog listing its fixes, including the date, a description and, for security fixes, the CVE number.
If the output is empty, do not conclude too quickly. First, make sure the package is actually installed (`rpm -q httpd`); `rpm -q --changelog` prints "package httpd is not installed" on stderr otherwise, and a package that is not installed cannot be vulnerable. Second, check the Red Hat advisory: the package may not be affected on your RHEL release at all. If the package is installed and affected, and the CVE is absent from its changelog, the fix is missing and you should update the package (`yum update httpd`). On a system with access to the Red Hat repositories you can cross-check with the errata metadata, which lists the advisory and package that fix a CVE, using `yum updateinfo list --cve CVE-2022-22720` (`dnf` accepts the same options on RHEL 8 and later).
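The following script is an added example, not part of the original post, that wraps the rpm changelog check from Step 3 in shell functions so the three outcomes (package not installed, CVE found, CVE not found) are reported separately instead of being collapsed into "output / no output". The function names (`is_cve_id`, `changelog_has_cve`, `cve_status_from_changelog`, `check_pkg_cve`) and the sample changelog text are constructed for this example; only the `- Resolves: #2065243 - CVE-2022-22720 ...` line is the one shown on the page. On a real RHEL host, run it as `sh check-cve.sh httpd CVE-2022-22720`; without arguments it runs against the embedded sample so it can be tried anywhere.

```shell
#!/bin/sh
# Added example: check whether an installed RPM's changelog records a CVE fix.
# Function names and the sample changelog are constructed for this example.

# Return 0 if $1 looks like a CVE identifier (CVE-YYYY-NNNN, 4+ digits),
# so a typo in the id is reported instead of being misread as "unpatched".
is_cve_id() {
    case "$1" in
        [Cc][Vv][Ee]-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the changelog text on stdin mentions the CVE given as $1.
# -F: fixed string (no regex surprises), -i: case-insensitive,
# -w: whole word, so searching CVE-2022-2272 does NOT match CVE-2022-22720.
changelog_has_cve() {
    grep -qiwF -- "$1"
}

# Classify changelog text on stdin for CVE $1:
# prints "patched", "unpatched" or "invalid-id"; always returns 0.
cve_status_from_changelog() {
    is_cve_id "$1" || { echo invalid-id; return 0; }
    if changelog_has_cve "$1"; then
        echo patched
    else
        echo unpatched
    fi
}

# Run the real check for package $1 and CVE $2 using rpm.
# Prints patched / unpatched / not-installed / invalid-id;
# exit status is 0 only when the fix is present.
check_pkg_cve() {
    is_cve_id "$2" || { echo invalid-id; return 2; }
    # rpm --changelog only works for installed packages
    if ! rpm -q "$1" >/dev/null 2>&1; then
        echo not-installed
        return 3
    fi
    status=$(rpm -q --changelog "$1" | cve_status_from_changelog "$2")
    echo "$status"
    [ "$status" = patched ]
}

# Constructed sample changelog in the format rpm -q --changelog prints
# (date/packager line, then one "- " line per fix). The CVE line is the
# one quoted in the post; the other lines are placeholders.
SAMPLE_CHANGELOG='* Tue Mar 22 2022 Example Packager <packager@example.com> - 2.4.37-47
- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling
- Rebuild with updated build flags
* Mon Jan 10 2022 Example Packager <packager@example.com> - 2.4.37-43
- Minor packaging fixes'

if [ "$#" -eq 2 ]; then
    # Real use on a RHEL host: sh check-cve.sh <package> <CVE-id>
    check_pkg_cve "$1" "$2"
    exit $?
elif [ "$#" -eq 0 ]; then
    # Demo on the embedded sample, no rpm needed:
    # CVE-2022-22720 -> patched, CVE-2022-2272 (prefix only) -> unpatched
    for id in CVE-2022-22720 CVE-2022-2272; do
        printf '%s: ' "$id"
        printf '%s\n' "$SAMPLE_CHANGELOG" | cve_status_from_changelog "$id"
    done
fi
```

The `-w` flag matters more than it looks: a bare `grep CVE-2022-2272` would happily match the changelog line for CVE-2022-22720 and report a fix that was never applied. The script also keeps the "package not installed" case separate, since an empty changelog search on a package that is not installed means nothing about exposure.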
