Vulnerabilities > CVE-2012-3155

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
sun
oracle
nessus

Summary

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.

Nessus

  • NASL familyWindows
    NASL idSUN_JAVA_APP_SERVER_CVE-2012-3155.NASL
    descriptionThe version of Sun Java System Application Server installed on the remote host is affected by an unspecified vulnerability related to the COBRA ORB subcomponent that could allow a remote attacker to cause a loss of availability.
    last seen2020-06-01
    modified2020-06-02
    plugin id77557
    published2014-09-05
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77557
    titleSun Java System Application Server 8.1 / 8.2 DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77557);
      script_version("1.4");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      script_cve_id("CVE-2012-3155");
      script_bugtraq_id(56073);
    
      script_name(english:"Sun Java System Application Server 8.1 / 8.2 DoS");
      script_summary(english:"Checks the version of Sun Java System Application Server.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application server installed that is affected
    by a vulnerability that may affect availability.");
      script_set_attribute(attribute:"description", value:
    "The version of Sun Java System Application Server installed on the
    remote host is affected by an unspecified vulnerability related to the
    COBRA ORB subcomponent that could allow a remote attacker to cause a
    loss of availability.");
      script_set_attribute(attribute:"solution", value:"Apply the appropriate patch referenced in the vendor advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?87547c81");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/05");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:sun:java_system_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_hotfixes.nasl");
      script_require_keys("SMB/Registry/Enumerated");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_reg_query.inc");
    include("smb_hotfixes_fcheck.inc");
    include("misc_func.inc");
    include("global_settings.inc");
    include("bsal.inc");
    include("byte_func.inc");
    include("zip.inc");
    
    # Connect to the appropriate share
    name   = kb_smb_name();
    port   = kb_smb_transport();
    login  = kb_smb_login();
    pass   = kb_smb_password();
    domain = kb_smb_domain();
    
    registry_init();
    hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
    paths = make_array();
    
    key = "SOFTWARE\Sun Microsystems\Application Server";
    subkeys = get_registry_subkeys(handle:hklm, key:key);
    
    if (!isnull(subkeys))
    {
      foreach subkey (subkeys)
      {
        if (subkey =~ '^[0-9\\.]+')
        {
          path = get_registry_value(handle:hklm, item:key + '\\' + subkey + "\INSTALLPATH");
          if (!isnull(path)) paths[subkey] = path;
        }
      }
    }
    RegCloseKey(handle:hklm);
    
    if (max_index(keys(paths)) == 0)
    {
      close_registry();
      audit(AUDIT_NOT_INST, 'Sun Java System Application Server');
    }
    close_registry(close:FALSE);
    
    installs = 0;
    lastshare = '';
    vers = make_array();
    foreach key (keys(paths))
    {
      path = paths[key];
      share = hotfix_path2share(path:path);
      jar = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:"\1\lib\appserv-admin.jar", string:path);
    
      if (share != lastshare)
      {
        NetUseDel(close:FALSE);
        rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
        if (rc != 1)
        {
          continue;
        }
      }
    
      fh = CreateFile(
        file:jar,
        desired_access:GENERIC_READ,
        file_attributes:FILE_ATTRIBUTE_NORMAL,
        share_mode:FILE_SHARE_READ,
        create_disposition:OPEN_EXISTING
      );
      if (isnull(fh)) continue;
    
      version = '';
      build = '';
      idx = 0;
      res = zip_parse(smb:fh, 'com/sun/appserv/server/util/Version.class');
      if ('sun-appserver-' >< res)
      {
        chunk = strstr(res, 'sun-appserver-') - 'sun-appserver-';
        chunk = substr(chunk, 2);
        chunk = chunk - strstr(chunk, 'java/util');
        chunk = chomp(substr(chunk, 2));
        for (i = 1; i <= ord(chunk[0]); i++)
          version += chunk[i];
        ver = split(version, sep:'.', keep:FALSE);
    
        idx += ord(chunk[0]) + 3;
        idx += ord(chunk[idx]) + 3;
        idx += ord(chunk[idx]) + 3;
        for (i = idx+1; i <= idx + ord(chunk[idx]); i++)
          build += chunk[i];
        vers[key] = make_array('version', version, 'build', build);
      }
      CloseFile(handle:fh);
    }
    NetUseDel();
    
    info = '';
    info2 = '';
    vuln = 0;
    foreach key (keys(vers))
    {
      path = paths[key];
      install = vers[key];
      version = install['version'];
      build = install['build'];
    
      buildnum = ereg_replace(pattern:'^[a-z]([0-9]+).*', string:build, replace:"\1");
      if (version =~ '^8\\.1([^0-9\\.]|$)' && int(buildnum) < 63)
      {
        info +=
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version + ' ' + build +
          '\n  Fixed version     : 8.1_02 b63-p35\n';
        vuln++;
      }
      else if (version =~ '^8\\.2([^0-9\\.]|$)' && int(buildnum) < 61)
      {
        info +=
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version + ' ' + build +
          '\n  Fixed version     : 8.2 b61-p19\n';
        vuln++;
      }
      else info2 += ' and ' + version + ' ' + build;
    }
    
    if (vuln)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1)
          s = 's of Sun Java System Application Server were';
        else s = ' of Sun Java System Application Server was';
    
        report =
          '\n' + 'The following vulnerable version' + s + 
          '\n' + 'found on the remote host : \n' +
          info + '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    
    if (info2)
    {
      info2 -= ' and ';
      if (' and ' >< info2) be = 'are';
      else be = 'is';
    
      exit(0, 'The host is not affected since Sun Java System Application Server '+info2+' '+be+' installed.');
    }
    else exit(1, 'Unexpected error - \'info2\' is empty.');
    
  • NASL familyWeb Servers
    NASL idGLASSFISH_CVE-2012-3155.NASL
    descriptionThe version of GlassFish Server running on the remote host is affected by an unspecified vulnerability related to the COBRA ORB subcomponent that could allow a remote attacker to cause a loss of availability.
    last seen2020-06-01
    modified2020-06-02
    plugin id77556
    published2014-09-05
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77556
    titleOracle GlassFish Server 3.0.1 / 3.1.2 / Enterprise 2.1.1 DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77556);
      script_version("1.5");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      script_cve_id("CVE-2012-3155");
      script_bugtraq_id(56073);
    
      script_name(english:"Oracle GlassFish Server 3.0.1 / 3.1.2 / Enterprise 2.1.1 DoS");
      script_summary(english:"Checks the version of Oracle GlassFish.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has a web server installed that is affected by a
    vulnerability that may affect availability.");
      script_set_attribute(attribute:"description", value:
    "The version of GlassFish Server running on the remote host is affected
    by an unspecified vulnerability related to the COBRA ORB subcomponent
    that could allow a remote attacker to cause a loss of availability.");
      script_set_attribute(attribute:"solution", value:"Apply the appropriate patch referenced in the vendor advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?87547c81");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/05");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("glassfish_detect.nasl");
      script_require_keys("www/glassfish");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("audit.inc");
    include("glassfish.inc");
    
    #
    # Main
    #
    
    # Check for GlassFish
    get_kb_item_or_exit('www/glassfish');
    
    port = get_glassfish_port(default:8080);
    
    # Get the version number out of the KB.
    ver = get_kb_item_or_exit("www/" + port + "/glassfish/version");
    banner = get_kb_item_or_exit("www/" + port + "/glassfish/source");
    pristine = get_kb_item_or_exit("www/" + port + "/glassfish/version/pristine");
    
    # Check if the installation is vulnerable.
    if (ver =~ "^3\.0\.1($|[^0-9])")
      fix = "3.0.1.6";
    else if (ver =~ "^3\.1\.2($|[^0-9])")
      fix = "3.1.2.3";
    else if (ver =~ "^2\.1\.1($|[^0-9])")
      fix = "2.1.1.19";
    else
      fix = NULL;
    
    if (!isnull(fix) && ver_compare(ver:ver, fix:fix, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : ' + banner +
          '\n  Installed version : ' + pristine +
          '\n  Fixed version     : ' + fix +
          '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, banner, port);