CVE-2013-5879 - Local Security vulnerability in Oracle Fusion Middleware 8.4/8.4.1

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Tags: network, low complexity, oracle, nessus

Summary

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html "Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8."

Vulnerable Configurations

Part: Application
Description: Oracle
Count: 2

Nessus

NASL family: CGI abuses
NASL id: WEBSPHERE_PORTAL_CVE-2013-5879.NASL
description: The version of IBM WebSphere Portal on the remote host is affected by a denial of service vulnerability.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 72903
published: 2014-03-10
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/72903
title: IBM WebSphere Portal Oracle Outside In Technology Component Remote DoS (PI10280)
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72903);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2013-5879");
  script_bugtraq_id(64825);

  script_name(english:"IBM WebSphere Portal Oracle Outside In Technology Component Remote DoS (PI10280)");
  script_summary(english:"Checks for patches for WebSphere Portal.");

  script_set_attribute(attribute:"synopsis", value:
"An application hosted on the remote web server is affected by a denial
of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal on the remote host is affected by
a denial of service vulnerability.");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fix_available_for_security_vulnerability_in_oracle_outside_in_technology_code_contained_in_ibm_websphere_portal_cve_2013_5879?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?265ef7be");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21664355");
  script_set_attribute(attribute:"solution", value:
"IBM has published interim fix PI10280. This fix is included in 8.0.0.1
CF10 (PI08371). Refer to IBM's advisory for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5879");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list(
    "6.0.0.0, 6.0.0.1",
    "6.1.0.0, 6.1.0.6, CF27",
    "6.1.5.0, 6.1.5.3, CF27",
    "7.0.0.0, 7.0.0.2, CF27",
    "8.0.0.0, 8.0.0.1, CF10"
  ),
  fix:"PI10280",
  severity:SECURITY_WARNING
);