Vulnerabilities > CVE-2011-3566 - Remote Security vulnerability in Oracle Weblogic Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

oracle

nessus

NVD

Published: 2012-01-18

Updated: 2012-01-19

Summary

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Fusion Middleware 9.2.4 Oracle Fusion Middleware 10.0.2 Oracle Fusion Middleware 10.3.3 Oracle Fusion Middleware 10.3.4 Oracle Fusion Middleware 10.3.5	5

Nessus

NASL family	Web Servers
NASL id	FUSION_WEBLOGIC_WEBCONTAINER_DOS.NASL
description	The version of the WebLogic component on Oracle Middleware installed on the remote host is affected by an unspecified vulnerability related to the Web Container affecting availability. Successful exploitation of this vulnerability could cause a denial of service condition.
last seen	2020-06-01
modified	2020-06-02
plugin id	57794
published	2012-02-02
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57794
title	Oracle Fusion Middleware WebLogic Component DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(57794); script_version("1.6"); script_cvs_date("Date: 2018/06/14 12:21:48"); script_cve_id("CVE-2011-3566"); script_bugtraq_id(51469); script_name(english:"Oracle Fusion Middleware WebLogic Component DoS"); script_summary(english:"Checks version of Oracle WebLogic Component"); script_set_attribute(attribute:"synopsis", value: "The remote host has a web application server installed that contains an unspecified vulnerability."); script_set_attribute(attribute:"description", value: "The version of the WebLogic component on Oracle Middleware installed on the remote host is affected by an unspecified vulnerability related to the Web Container affecting availability. Successful exploitation of this vulnerability could cause a denial of service condition."); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f9a69d65"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11da589e"); script_set_attribute(attribute:"solution", value: "See the Oracle advisory for information on obtaining and applying bug fix patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/02"); script_set_attribute(attribute:"agent", value:"all"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("oracle_weblogic_server_installed.nbin"); script_require_keys("Oracle/WLS/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("oracle_rdbms_cpu_func.inc"); get_kb_item_or_exit("Oracle/WLS/Installed"); app_name = "Oracle WebLogic Server"; report = ""; affected = 0; not_affected = make_list(); # Get installs. installs = make_list(get_kb_list("Oracle/WLS//install")); # Get patches. ohomes = make_list(); q = query_scratchpad("SELECT path FROM oracle_homes"); if (isnull(q)) exit(1, 'Unable to obtain Oracle Homes'); foreach ohome (q) { ohomes = make_list(ohomes, ohome['path']); } patches = find_patches_in_ohomes(ohomes:ohomes); if(!isnull(patches)) { # Verify that each install is patched. foreach install (installs) { install = split(install, sep:',', keep:FALSE); ohome = install[0]; subdir = install[1]; version = install[2]; patched = FALSE; fix = NULL; fix_ver = NULL; # individual security patches if (version =~ "^9\.2\.4(\.0)$") fix = "TW4A"; else if (version =~ "^10\.0\.1(\.0)$") fix = "96PR"; else if (version =~ "^10\.0\.2(\.0)$") fix = "2DIK"; else if (version =~ "^10\.3\.0(\.0)$") fix = "JAE6"; else if (version =~ "^10\.3\.2(\.0)?$") fix = "AVJP"; else if (version =~ "^10\.3\.3(\.0)*?$") fix = "1FKM"; # patch sets else if (version =~ "^10\.3\.5\.") { fix_ver = "10.3.5.0.2"; fix = "USGW"; } else if (version =~ "^10\.3\.4\.") { fix_ver = "10.3.4.0.4"; fix = "XZNF"; } else not_affected = make_list(not_affected, version); if (isnull(fix)) continue; # patch set check if(!isnull(fix_ver)) { if(ver_compare(ver:version, fix:fix_ver, strict:FALSE) >= 0) patched = TRUE; } # security patch check else { # Check for patch. foreach patch (keys(patches[ohome])) { if (patch == fix) { patched = TRUE; break; } } } if (!patched) { report += '\n Oracle Home : ' + ohome + '\n Install path : ' + subdir + '\n Version : ' + version + '\n Required patch : ' + fix + '\n'; affected++; } else not_affected = make_list(not_affected, version); } } if (affected) { port = 0; if (report_verbosity > 0) { report = affected + ' of ' + max_index(installs) + ' installs affected :\n' + report; security_warning(extra:report, port:port); } else security_warning(port:port); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, app_name, not_affected);

References

http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html