Vulnerabilities > CVE-2015-7940 - Information Exposure vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-7D95466EDA.NASL description Security fix for CVE-2015-7940 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89298 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89298 title Fedora 22 : bouncycastle-1.50-8.fc22 (2015-7d95466eda) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-7d95466eda. # include("compat.inc"); if (description) { script_id(89298); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-7940"); script_xref(name:"FEDORA", value:"2015-7d95466eda"); script_name(english:"Fedora 22 : bouncycastle-1.50-8.fc22 (2015-7d95466eda)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2015-7940 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1276272" ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?98f40c66" ); script_set_attribute( attribute:"solution", value:"Update the affected bouncycastle package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bouncycastle"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"bouncycastle-1.50-8.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bouncycastle"); }
NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_JAN_2017_CPU.NASL description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an last seen 2020-06-01 modified 2020-06-02 plugin id 96777 published 2017-01-25 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96777 title Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(96777); script_version("1.9"); script_cvs_date("Date: 2018/11/15 20:50:23"); script_cve_id("CVE-2015-7940", "CVE-2016-5019"); script_bugtraq_id(79091, 93236); script_name(english:"Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)"); script_summary(english:"Checks for the patch ID."); script_set_attribute(attribute:"synopsis", value: "An enterprise management application installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an 'invalid curve attack.' (CVE-2015-7940) - A flaw exists in Apache MyFaces Trinidad, specifically in the CoreResponseStateManager component, due to the ObjectInputStream and ObjectOutputStream strings being used directly without securely deserializing Java input. An unauthenticated, remote attacker can exploit this, via a deserialization attack using a crafted serialized view state string, to have an unspecified impact that may include the execution of arbitrary code. (CVE-2016-5019) Note that the product was formerly known as Enterprise Manager Grid Control."); # https://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixEM script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7143085e"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the January 2017 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/15"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_dependencies("oracle_enterprise_manager_installed.nbin"); script_require_keys("installed_sw/Oracle Enterprise Manager Cloud Control"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("oracle_rdbms_cpu_func.inc"); include("install_func.inc"); product = "Oracle Enterprise Manager Cloud Control"; install = get_single_install(app_name:product, exit_if_unknown_ver:TRUE); version = install['version']; emchome = install['path']; patchid = NULL; missing = NULL; patched = FALSE; if (version =~ "^13\.1\.0\.0(\.[0-9]+)?$") { patchid = "24897689"; fix = "13.1.0.0.170117"; } else if (version =~ "^12\.1\.0\.5(\.[0-9]+)?$") { patchid = "24897692"; fix = "12.1.0.5.170117"; } if (isnull(patchid)) audit(AUDIT_HOST_NOT, 'affected'); # compare version to check if we've already adjusted for patch level during detection if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0) audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome); # Now look for the affected components patchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome)); if (isnull(patchesinstalled)) missing = patchid; else { foreach applied (keys(patchesinstalled[emchome])) { if (applied == patchid) { patched = TRUE; break; } else { foreach bugid (patchesinstalled[emchome][applied]['bugs']) { if (bugid == patchid) { patched = TRUE; break; } } if (patched) break; } } if (!patched) missing = patchid; } if (empty_or_null(missing)) audit(AUDIT_HOST_NOT, 'affected'); order = make_list('Product', 'Version', "Missing patch"); report = make_array( order[0], product, order[1], version, order[2], patchid ); report = report_items_str(report_items:report, ordered_fields:order); security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3417.NASL description Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers. More information: http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-att acks.htmlPractical Invalid Curve Attacks on TLS-ECDH: http://euklid.org/pdf/ECC_Invalid_Curve.pdf last seen 2020-06-01 modified 2020-06-02 plugin id 87359 published 2015-12-15 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87359 title Debian DSA-3417-1 : bouncycastle - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3417. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(87359); script_version("2.5"); script_cvs_date("Date: 2018/11/10 11:49:37"); script_cve_id("CVE-2015-7940"); script_xref(name:"DSA", value:"3417"); script_name(english:"Debian DSA-3417-1 : bouncycastle - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers. More information: http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-att acks.htmlPractical Invalid Curve Attacks on TLS-ECDH: http://euklid.org/pdf/ECC_Invalid_Curve.pdf" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671" ); # http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?577fd981" ); script_set_attribute( attribute:"see_also", value:"http://euklid.org/pdf/ECC_Invalid_Curve.pdf" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/bouncycastle" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/bouncycastle" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2015/dsa-3417" ); script_set_attribute( attribute:"solution", value: "Upgrade the bouncycastle packages. For the oldstable distribution (wheezy), this problem has been fixed in version 1.44+dfsg-3.1+deb7u1. For the stable distribution (jessie), this problem has been fixed in version 1.49+dfsg-3+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bouncycastle"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/12/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libbcmail-java", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbcmail-java-doc", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbcmail-java-gcj", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbcpg-java", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbcpg-java-doc", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbcpg-java-gcj", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbcprov-java", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbcprov-java-doc", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbcprov-java-gcj", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbctsp-java", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbctsp-java-doc", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libbctsp-java-gcj", reference:"1.44+dfsg-3.1+deb7u1")) flag++; if (deb_check(release:"8.0", prefix:"libbcmail-java", reference:"1.49+dfsg-3+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libbcmail-java-doc", reference:"1.49+dfsg-3+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libbcpg-java", reference:"1.49+dfsg-3+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libbcpg-java-doc", reference:"1.49+dfsg-3+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libbcpkix-java", reference:"1.49+dfsg-3+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libbcpkix-java-doc", reference:"1.49+dfsg-3+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libbcprov-java", reference:"1.49+dfsg-3+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libbcprov-java-doc", reference:"1.49+dfsg-3+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Misc. NASL id ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL description The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.200414 or 12.2.1.3.x prior to 12.2.1.3.200414 or 12.2.1.4.x prior to 12.2.1.4.200414. It is, therefore, affected by multiple vulnerabilities as noted in the April 2020 Critical Patch Update advisory - An unspecified vulnerability in the Analystics Web General component of Oracle BI Published. An easily exploitable vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. A successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2020-2950) - The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an invalid curve attack. (CVE-2015-7940) - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution (CVE-2016-1000031) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-23 modified 2020-04-16 plugin id 135678 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135678 title Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2020 CPU) code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(135678); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/22"); script_cve_id("CVE-2015-7940", "CVE-2016-1000031", "CVE-2020-2950"); script_bugtraq_id(79091, 93604); script_name(english:"Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2020 CPU)"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.200414 or 12.2.1.3.x prior to 12.2.1.3.200414 or 12.2.1.4.x prior to 12.2.1.4.200414. It is, therefore, affected by multiple vulnerabilities as noted in the April 2020 Critical Patch Update advisory - An unspecified vulnerability in the Analystics Web General component of Oracle BI Published. An easily exploitable vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. A successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2020-2950) - The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an invalid curve attack. (CVE-2015-7940) - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution (CVE-2016-1000031) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuapr2020cvrf.xml"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the April 2020 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2950"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"agent", value:"all"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:business_intelligence_publisher"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_bi_publisher_installed.nbin"); script_require_keys("installed_sw/Oracle Business Intelligence Publisher"); exit(0); } include('vcf.inc'); include('vcf_extras.inc'); app_info = vcf::get_app_info(app:'Oracle Business Intelligence Publisher'); constraints = [ {'min_version': '11.1.1.9', 'fixed_version': '11.1.1.9.200414', 'patch': '30992893', 'bundle': '31094216'}, {'min_version': '12.2.1.3', 'fixed_version': '12.2.1.3.200414', 'patch': '30768584', 'bundle': '30768584'}, {'min_version': '12.2.1.4', 'fixed_version': '12.2.1.4.200414', 'patch': '30768593', 'bundle': '30768593'} ]; vcf::oracle_bi_publisher::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_HOLE);
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-705.NASL description bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed : - CVE-2015-7940: Invalid curve attack (bsc#951727). last seen 2020-06-05 modified 2015-11-05 plugin id 86740 published 2015-11-05 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86740 title openSUSE Security Update : bouncycastle (openSUSE-2015-705) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-705. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(86740); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-7940"); script_name(english:"openSUSE Security Update : bouncycastle (openSUSE-2015-705)"); script_summary(english:"Check for the openSUSE-2015-705 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed : - CVE-2015-7940: Invalid curve attack (bsc#951727)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951727" ); script_set_attribute( attribute:"solution", value:"Update the affected bouncycastle packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bouncycastle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bouncycastle-javadoc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2015/10/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1|SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2 / 42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"bouncycastle-1.53-8.3.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"bouncycastle-javadoc-1.53-8.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"bouncycastle-1.53-13.3.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"bouncycastle-javadoc-1.53-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"bouncycastle-1.53-16.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"bouncycastle-javadoc-1.53-16.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bouncycastle / bouncycastle-javadoc"); }
NASL family Solaris Local Security Checks NASL id SOLARIS10_142824-29.NASL description Indexing and Search Service 1u5-29.15600: core patch. Date this patch was last updated by Sun : Jan/07/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107538 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107538 title Solaris 10 (sparc) : 142824-29 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107538); script_version("1.3"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2015-7940"); script_name(english:"Solaris 10 (sparc) : 142824-29"); script_summary(english:"Check for patch 142824-29"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 142824-29" ); script_set_attribute( attribute:"description", value: "Indexing and Search Service 1u5-29.15600: core patch. Date this patch was last updated by Sun : Jan/07/17" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/142824-29" ); script_set_attribute(attribute:"solution", value:"Install patch 142824-29 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7940"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142824"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"142824-29", obsoleted_by:"", package:"SUNWjiss", version:"1.0,REV=2009.09.09") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWjiss"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3727-1.NASL description It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111512 published 2018-08-02 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111512 title Ubuntu 14.04 LTS : bouncycastle vulnerabilities (USN-3727-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3727-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(111512); script_version("1.4"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2015-6644", "CVE-2015-7940", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000345", "CVE-2016-1000346"); script_xref(name:"USN", value:"3727-1"); script_name(english:"Ubuntu 14.04 LTS : bouncycastle vulnerabilities (USN-3727-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3727-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbcmail-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbcpg-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbcpkix-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbcprov-java"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"libbcmail-java", pkgver:"1.49+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libbcpg-java", pkgver:"1.49+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libbcpkix-java", pkgver:"1.49+dfsg-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libbcprov-java", pkgver:"1.49+dfsg-2ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libbcmail-java / libbcpg-java / libbcpkix-java / libbcprov-java"); }
NASL family Web Servers NASL id SUN_JAVA_WEB_SERVER_7_0_27.NASL description According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact. last seen 2020-06-01 modified 2020-06-02 plugin id 106349 published 2018-01-25 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106349 title Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(106349); script_version("1.7"); script_cvs_date("Date: 2019/11/08"); script_cve_id( "CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-1182", "CVE-2016-2107", "CVE-2016-2179", "CVE-2017-3732", "CVE-2017-5645", "CVE-2017-9798", "CVE-2017-10068", "CVE-2017-10262", "CVE-2017-10273", "CVE-2017-10352", "CVE-2017-12617", "CVE-2018-2561", "CVE-2018-2564", "CVE-2018-2584", "CVE-2018-2594", "CVE-2018-2595", "CVE-2018-2596", "CVE-2018-2601", "CVE-2018-2610", "CVE-2018-2625", "CVE-2018-2711", "CVE-2018-2713", "CVE-2018-2715", "CVE-2018-2733" ); script_bugtraq_id( 78215, 79091, 89760, 91067, 91869, 92987, 95814, 97702, 98050, 100872, 100954, 102442, 102535, 102539, 102541, 102545, 102550, 102553, 102558, 102562, 102565, 102567, 102569, 102573, 102634, 102637, 102641, 102643 ); script_name(english:"Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)"); script_summary(english:"Checks the version in the admin console."); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by an unspecified vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact."); # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae82f1b1"); # https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=14v5w3zyq8_4&_afrLoop=466151680153736#babhdcfj script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fccabced"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle iPlanet Web Server version 7.0.27 or later as referenced in the January 2018 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7501"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat for Windows HTTP PUT Method File Upload"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Tomcat RCE via JSP Upload Bypass'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/17"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:iplanet_web_server"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:network_security_services"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_iplanet_web_server_detect.nbin"); script_require_keys("installed_sw/Oracle iPlanet Web Server"); exit(0); } include("global_settings.inc"); include("audit.inc"); include("misc_func.inc"); include("install_func.inc"); include("http.inc"); app_name = "Oracle iPlanet Web Server"; port = get_http_port(default:8989); install = get_single_install(app_name:app_name, port:port, exit_if_unknown_ver:TRUE); version = install['version']; fix = "7.0.27"; min = "7.0"; # Affected 7.0.x < 7.0.27 if ( ver_compare(ver:version, fix:min, strict:FALSE) >= 0 && ver_compare(ver:version, fix:fix, strict:FALSE) == -1 ) { report = report_items_str( report_items:make_array( "Installed version", version, "Fixed version", fix ), ordered_fields:make_list("Installed version", "Fixed version") ); security_report_v4(port:port, severity:SECURITY_HOLE, extra:report); } else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-361.NASL description The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an last seen 2020-03-17 modified 2015-12-09 plugin id 87266 published 2015-12-09 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87266 title Debian DLA-361-1 : bouncycastle security update NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL description The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an last seen 2020-06-01 modified 2020-06-02 plugin id 101837 published 2017-07-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101837 title Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy) NASL family Misc. NASL id ORACLE_JDEVELOPER_CPU_JUL_2018.NASL description The version of Oracle JDeveloper installed on the remote host is missing a security patch. Please see the vendor advisory for additional information. last seen 2020-06-01 modified 2020-06-02 plugin id 111332 published 2018-07-25 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111332 title Oracle JDeveloper Information Disclosure Vulnerability (July 2018 CPU) NASL family Web Servers NASL id ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory. last seen 2020-03-18 modified 2018-01-24 plugin id 106299 published 2018-01-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106299 title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)
Redhat
advisories |
|
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2016-2035.html
- http://rhn.redhat.com/errata/RHSA-2016-2036.html
- http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
- http://www.debian.org/security/2015/dsa-3417
- http://www.openwall.com/lists/oss-security/2015/10/22/7
- http://www.openwall.com/lists/oss-security/2015/10/22/9
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/79091
- http://www.securitytracker.com/id/1037036
- http://www.securitytracker.com/id/1037046
- http://www.securitytracker.com/id/1037053
- https://usn.ubuntu.com/3727-1/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html