Vulnerabilities > CVE-2015-4744 - Remote Security vulnerability in Oracle GlassFish Server and WebLogic Server

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
oracle
nessus

Summary

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors related to Java Server Faces.

Nessus

NASL familyWeb Servers
NASL idGLASSFISH_CPU_JUL_2015.NASL
descriptionThe version of Oracle GlassFish Server running on the remote host is affected by multiple vulnerabilities : - A security bypass vulnerability exists in the bundled Network Security Services (NSS) library because the definite_length_decoder() function, in file quickder.c, does not properly form the DER encoding of an ASN.1 length. A remote attacker, by using a long byte sequence for an encoding, can exploit this issue to conduct undetected smuggling of arbitrary data. (CVE-2014-1569) - An unspecified flaw exists related to the Java Server Faces subcomponent. A remote attacker can exploit this to affect the integrity of the system. (CVE-2015-2623) - An unspecified flaw exists related to the Java Server Faces and Web Container subcomponents. A remote attacker can exploit this to affect the integrity of the system. (CVE-2015-4744)
last seen2020-06-01
modified2020-06-02
plugin id84810
published2015-07-16
reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/84810
titleOracle GlassFish Server Multiple Vulnerabilities (July 2015 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84810);
  script_version("1.8");
  script_cvs_date("Date: 2018/07/12 19:01:16");

  script_cve_id("CVE-2014-1569", "CVE-2015-2623", "CVE-2015-4744");
  script_bugtraq_id(71675, 75848, 75859);

  script_name(english:"Oracle GlassFish Server Multiple Vulnerabilities (July 2015 CPU)");
  script_summary(english:"Checks the version of Oracle GlassFish.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle GlassFish Server running on the remote host is
affected by multiple vulnerabilities :

  - A security bypass vulnerability exists in the bundled
    Network Security Services (NSS) library because the
    definite_length_decoder() function, in file quickder.c,
    does not properly form the DER encoding of an ASN.1
    length. A remote attacker, by using a long byte sequence
    for an encoding, can exploit this issue to conduct
    undetected smuggling of arbitrary data. (CVE-2014-1569)

  - An unspecified flaw exists related to the Java Server
    Faces subcomponent. A remote attacker can exploit this
    to affect the integrity of the system. (CVE-2015-2623)

  - An unspecified flaw exists related to the Java Server
    Faces and Web Container subcomponents. A remote attacker
    can exploit this to affect the integrity of the system.
    (CVE-2015-4744)");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle GlassFish Server 2.1.1.26 / 3.0.1.12 / 3.1.2.12 or
later as referenced in the July 2015 Oracle Critical Patch Update
advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
# http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d18c2a85");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:glassfish_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("glassfish_detect.nasl");
  script_require_keys("www/glassfish");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
include("glassfish.inc");

#
# Main
#

# Check for GlassFish
get_kb_item_or_exit('www/glassfish');

port = get_glassfish_port(default:8080);

# Get the version number out of the KB.
ver = get_kb_item_or_exit("www/" + port + "/glassfish/version");
banner = get_kb_item_or_exit("www/" + port + "/glassfish/source");
pristine = get_kb_item_or_exit("www/" + port + "/glassfish/version/pristine");

# Set appropriate fixed versions.
if (ver =~ "^2\.1\.1") fix = "2.1.1.26";
else if (ver =~ "^3\.0\.1") fix = "3.0.1.12";
else if (ver =~ "^3\.1\.2") fix = "3.1.2.12";
else fix = NULL;

if (!isnull(fix) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + banner +
      '\n  Installed version : ' + pristine +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Oracle GlassFish", port, pristine);