CVE-2015-9251 - Cross-site Scripting vulnerability in multiple products

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE

Summary
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Embedding Scripts in Non-Script Elements This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts, such as image tags (<img>), comments in XML documents (<!--CDATA-->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch an XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) from the ability of the remote attacker to collect and interpret the output of said attack.
- Embedding Scripts within Scripts An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side; client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general, all that is required is for there to be sufficient privileges to execute a script, but no protection against writing it.
- Cross-Site Scripting in Error Pages An attacker distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code, in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error, it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker, the infected error message is returned including the exploit code, which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, which the victim may trust and hence be more vulnerable to deception.
- Cross-Site Scripting Using Alternate Syntax The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
Nessus

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_ED8D5535CA7811E9980B999FF59C22EA.NASL
description: Ruby news : There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc. The following vulnerabilities have been reported. CVE-2012-6708 CVE-2015-9251
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 128404
published: 2019-08-30
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/128404
title: FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2019 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(128404);
  script_version("1.3");
  script_cvs_date("Date: 2019/12/31");

  script_cve_id("CVE-2012-6708", "CVE-2015-9251");

  script_name(english:"FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote FreeBSD host is missing one or more security-related updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Ruby news :

There are multiple vulnerabilities about Cross-Site Scripting (XSS) in
jQuery shipped with RDoc which bundled in Ruby. All Ruby users are
recommended to update Ruby to the latest release which includes the
fixed version of RDoc.

The following vulnerabilities have been reported.

CVE-2012-6708

CVE-2015-9251"
  );
  # https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1475b8d4"
  );
  # https://vuxml.freebsd.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?caf61e14"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:rubygem-rdoc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

# Each pkg_test() call matches an installed package against a vulnerable version range
if (pkg_test(save_report:TRUE, pkg:"ruby>=2.4.0,1<2.4.7,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"ruby>=2.5.0,1<2.5.6,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"ruby>=2.6.0,1<2.6.3,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"rubygem-rdoc<6.1.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Misc.
NASL id: ORACLE_WEBLOGIC_SERVER_CPU_OCT_2019.NASL
description: The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:
- An unspecified vulnerability in the jquery component of the Web Services of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, insert, or delete access to some of Oracle WebLogic Server accessible data. (CVE-2015-9251)
- An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized read access to some of Oracle WebLogic Server accessible data. (CVE-2019-2887)
- An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized read access to some of Oracle WebLogic Server accessible data. (CVE-2019-2888)
- An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An authenticated, high privilege remote attacker can exploit this to compromise Oracle WebLogic Server. (CVE-2019-2890)
- An unspecified vulnerability in the console component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle WebLogic Server. (CVE-2019-2891)
- An unspecified vulnerability in the SOAP with Attachments API for Java component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, insert, or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. (CVE-2019-2907)
- An unspecified vulnerability in the ADF Faces jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle JDeveloper and ADF resulting in unauthorized update, insert, or delete access to some of Oracle JDeveloper & ADF accessible data as well as unauthorized read access to a subset of Oracle JDeveloper & ADF accessible data. (CVE-2019-11358)
- An unspecified vulnerability in the Web Container jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle Service Bus resulting in unauthorized update, insert, or delete access to some of Service Bus data as well as unauthorized read access to a subset of Oracle Service Bus accessible data. (CVE-2019-11358)
- An unspecified vulnerability in the console jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle WebLogic Server resulting in unauthorized update, insert, or delete access to some of Oracle WebLogic Server data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2019-11358)
- An unspecified vulnerability in the Web Container Faces jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle Service Bus resulting in unauthorized update, insert, or delete access to some of Oracle WebLogic Server data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2019-17091)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130012
published: 2019-10-17
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130012
title: Oracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(130012);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/30");

  script_cve_id(
    "CVE-2015-9251",
    "CVE-2019-2887",
    "CVE-2019-2888",
    "CVE-2019-2890",
    "CVE-2019-2891",
    "CVE-2019-2889",
    "CVE-2019-2907",
    "CVE-2019-11358",
    "CVE-2019-17091"
  );
  script_bugtraq_id(105658, 108023);
  script_xref(name:"IAVA", value:"2019-A-0382");

  script_name(english:"Oracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)");
  script_summary(english:"Checks the version of Oracle WebLogic to ensure the October 2019 CPU is applied.");

  script_set_attribute(attribute:"synopsis", value:
"An application server installed on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:

  - An unspecified vulnerability in the jquery component of the Web Services of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, insert, or delete access to some of Oracle WebLogic Server accessible data. (CVE-2015-9251)

  - An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An unauthenticated, remote attacker unauthorized can exploit this to gain read access to some of Oracle WebLogic Server accessible data. (CVE-2019-2887)

  - An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized read access to some of Oracle WebLogic Server accessible data. (CVE-2019-2888)

  - An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An authenticated, high priviledge remote attacker can exploit this to compromise Oracle WebLogic Server. (CVE-2019-2890)

  - An unspecified vulnerability in the console component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle WebLogic Server. (CVE-2019-2891)

  - An unspecified vulnerability in the SOAP with Attachments API for Java component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, insert, or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. (CVE-2019-2907)

  - An unspecified vulnerability in the ADF Faces jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle JDeveloper and ADF resulting in an unauthorized update, insert, or delete access to some of OracleJDeveloper & ADF accessible data as well as unauthorized read access to a subset of Oracle JDeveloper & ADF accessible data. (CVE-2019-11358)

  - An unspecified vulnerability in the Web Container jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle Service Bus resulting in an unauthorized update, insert, or delete access to some of Service Bus data as well as unauthorized read access to a subset of Oracle Service Bus accessible data. (CVE-2019-11358)

  - An unspecified vulnerability in the console jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle WebLogic Server resulting in an unauthorized update, insert, or delete access to some of Oracle WebLogic Server data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2019-11358)

  - An unspecified vulnerability in the Web Container Faces jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle Service Bus resulting in an unauthorized update, insert, or delete access to some of Oracle WebLogic Server data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2019-17091)");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b370bc74");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2019verbose-5072833.html#FMW
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3d73bb23");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2019 Oracle Critical Patch Update advisory. Refer to Oracle for any additional patch instructions or mitigation options.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2891");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"agent", value:"all");
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
  script_require_keys("installed_sw/Oracle WebLogic Server");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('install_func.inc');
include('obj.inc');
include('spad_log_func.inc');

app_name = "Oracle WebLogic Server";
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);

ohome = install["Oracle Home"];
subdir = install["path"];
version = install["version"];

fix = NULL;
fix_ver = NULL;

spad_log(message:"checking version [" + version + "]");

# individual security patches
if (version =~ "^12\.2\.1\.3($|[^0-9])")
{
  fix_ver = "12.2.1.3.191015";
  fix = make_list("30386660");
}
else if (version =~ "^12\.1\.3\.")
{
  fix_ver = "12.1.3.0.191015";
  fix = make_list("30108725");
}
else if (version =~ "^10\.3\.6\.")
{
  fix_ver = "10.3.6.0.191015";
  fix = make_list("3L3H"); # patchid is obtained from the readme and 10.3.6.x assets are different
}
else
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);

spad_log(message:"checking fix [" + obj_rep(fix) + "]");

PATCHED=FALSE;
# Iterate over the list of patches and check the install for the patchID
foreach id (fix)
{
  spad_log(message:"Checking fix id: [" + id +"]");
  if (install[id])
  {
    PATCHED=TRUE;
    break;
  }
}

VULN=FALSE;
if (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)
  VULN=TRUE;

# Only report when the version is below the fixed build and no listed patch is installed
if (PATCHED || !VULN)
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);

os = get_kb_item_or_exit("Host/OS");
if ('windows' >< tolower(os))
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;
}
else port = 0;

report =
  '\n  Oracle Home    : ' + ohome +
  '\n  Install path   : ' + subdir +
  '\n  Version        : ' + version +
  '\n  Fixes          : ' + join(sep:", ", fix);
security_report_v4(extra:report, severity:SECURITY_WARNING, port:port);
NASL family: Misc.
NASL id: ORACLE_BI_PUBLISHER_JUL_2019_CPU.NASL
description: The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.190716 or 12.2.1.4.x prior to 12.2.1.4.190716. It is, therefore, affected by multiple vulnerabilities as noted in the July 2019 Critical Patch Update advisory:
- An unspecified vulnerability in the BI Publisher Security component of Oracle BI Publisher (formerly XML Publisher) that could allow a privileged attacker with network access via HTTP to compromise Oracle BI Publisher. A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. The attack requires human interaction. (CVE-2019-2771)
- An unspecified vulnerability in the Web Service API component of Oracle BI Publisher (formerly XML Publisher) that could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2019-2742)
- An unspecified vulnerability in the BI Platform Security (jQuery) component of Oracle BI Publisher (formerly XML Publisher) that could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. The attack requires human interaction. (CVE-2015-9251)
Note that Nessus has not tested for these issues but has instead relied only on the application
last seen: 2020-05-31
modified: 2019-07-17
plugin id: 126776
published: 2019-07-17
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/126776
title: Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2019 CPU)

NASL family: Web Servers
NASL id: IBM_TEM_9_5_12.NASL
description: According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.5.x prior to 9.5.12. It is, therefore, affected by multiple vulnerabilities :
- An arbitrary file upload vulnerability exists in IBM BigFix Platform. An authenticated, remote attacker can exploit this to upload arbitrary files on the remote host as the root user. (CVE-2019-4013)
- An information disclosure vulnerability exists in IBM BigFix Platform due to the PortSmash side-channel attack against processors leveraging SMT/Hyper-Threading. An authenticated, local attacker can exploit this to disclose potentially sensitive information. (CVE-2018-5407)
- A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124565
published: 2019-05-03
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124565
title: IBM BigFix Platform 9.5.x < 9.5.12 Multiple Vulnerabilities

NASL family: Misc.
NASL id: ORACLE_OATS_CPU_JAN_2019.NASL
description: The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities :
- Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000)
- Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732)
- Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732)
- Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258)
- Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303)
- Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304)
- Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3305)
- Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023)
- Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718)
- Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 121257
published: 2019-01-21
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121257
title: Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)

NASL family: CGI abuses
NASL id: ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2019.NASL
description: According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 15.x or 16.x prior to 16.2.15.9 or 17.7.x prior to 17.12.11 or 18.x prior to 18.8.11. It is, therefore, affected by multiple vulnerabilities:
- A deserialization vulnerability exists in the Apache Solr subcomponent of Primavera Unifier. An unauthenticated, remote attacker can exploit this, via a specially crafted request to the Solr Config API, to execute arbitrary code on the target host. (CVE-2019-0192)
- A denial of service (DoS) vulnerability exists in the Apache Tika subcomponent of Primavera Unifier due to incorrect parsing of a crafted sqlite file. An unauthenticated, remote attacker can exploit this issue by convincing a user to open a specially crafted file to cause the application to stop responding. (CVE-2018-17197)
- A server side request forgery exists in the Apache Solr subcomponent of Primavera Unifier. An unauthenticated remote attacker can exploit this issue to make Solr perform an HTTP GET request to any reachable URL. (CVE-2017-3164)
- A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 126829
published: 2019-07-19
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/126829
title: Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2019 CPU)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0737-1.NASL
description: This update for ruby2.5 to version 2.5.7 fixes the following issues :
ruby 2.5 was updated to version 2.5.7
CVE-2020-8130: Fixed a command injection in the in-tree copy of rake (bsc#1164804).
CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990).
CVE-2019-16254: Fixed an HTTP response splitting in WEBrick (bsc#1152992).
CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994).
CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995).
CVE-2012-6708: Fixed an XSS in jQuery
CVE-2015-9251: Fixed an XSS in jQuery
Fixed unit tests (bsc#1140844)
Removed some unneeded test files (bsc#1162396).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-26
modified: 2020-03-23
plugin id: 134824
published: 2020-03-23
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/134824
title: SUSE SLED15 / SLES15 Security Update : Recommended update for ruby2.5 (SUSE-SU-2020:0737-1)

NASL family: Misc.
NASL id: ORACLE_BI_PUBLISHER_OCT_2019_CPU.NASL
description: The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.191015 or 12.2.1.3.x prior to 12.2.1.3.191015 or 12.2.1.4.x prior to 12.2.1.4.191015. It is, therefore, affected by multiple vulnerabilities as noted in the October 2019 Critical Patch Update advisory:
- An unspecified vulnerability in the Installation component of Oracle BI Publisher that allows an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2019-2905)
- An unspecified vulnerability in the MobileService component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise BI Publisher. A successful attack requires human interaction from a person other than the attacker and, while the vulnerability is in BI Publisher, attacks may significantly impact additional products. (CVE-2019-2906)
- An unspecified vulnerability in the BI Publisher Security component of Oracle BI Publisher could allow a low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. A successful attack of this vulnerability can result in unauthorized read access to a subset of BI Publisher accessible data. (CVE-2019-2898)
- An unspecified vulnerability in the Analytics Actions component of Oracle BI Publisher could allow a low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. (CVE-2019-2897)
- An unspecified vulnerability in the Secure Store (OpenSSL) component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTPS to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher data. (CVE-2019-1559)
- An unspecified vulnerability in the BI Platform Security (jQuery) component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and, while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. (CVE-2016-7103)
- An unspecified vulnerability in the Analytics Actions component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2019-2900)
- An unspecified vulnerability in the BI Platform Security component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. (CVE-2019-3012)
Note that Nessus has not tested for these issues but has instead relied only on the application
last seen: 2020-05-31
modified: 2019-11-06
plugin id: 130589
published: 2019-11-06
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130589
title: Oracle Business Intelligence Publisher Multiple Vulnerabilities (Oct 2019 CPU)

NASL family: Misc.
NASL id: ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL
description: The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component:
- An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. (CVE-2015-9251)
- An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732)
- An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center.
(CVE-2018-1000300) last seen 2020-06-01 modified 2020-06-02 plugin id 131184 published 2019-11-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131184 title Oracle Enterprise Manager Ops Center (Jan 2019 CPU) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-395.NASL description This update for ruby2.5 toversion 2.5.7 fixes the following issues: 	 ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-04-07 modified 2020-04-02 plugin id 135161 published 2020-04-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135161 title openSUSE Security Update : ruby2.5 (openSUSE-2020-395) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_416CA0F43FE011E9BBDD6805CA0B3D42.NASL description BestPractical reports : The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. 
jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version. last seen 2020-06-01 modified 2020-06-02 plugin id 122657 published 2019-03-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122657 title FreeBSD : rt -- XSS via jQuery (416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42) NASL family CGI abuses NASL id ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2020.NASL description According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the following: - Two Polymorphic Typing issues present in FasterXML jackson-databind related to com.zaxxer.hikari.HikariDataSource which can be exploited by remote, unauthenticated attackers. (CVE-2019-16335, CVE-2019-14540) - A man-in-the-middle vulnerability caused by the getCN function in Apache Axis not properly verifying that the server hostname matches a domain name in the subject last seen 2020-05-08 modified 2020-01-15 plugin id 132936 published 2020-01-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132936 title Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU) NASL family CGI abuses : XSS NASL id JQUERY_3_0_0.NASL description The version of JQuery library hosted on the remote web server is prior to 3.0.0. 
It is, therefore, affected by a cross site scripting vulnerability when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed last seen 2020-06-01 modified 2020-06-02 plugin id 125152 published 2019-05-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125152 title JQuery < 3.0.0 XSS NASL family CGI abuses NASL id ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2018.NASL description According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.15, 16.x prior to 16.2.8, or 17.x prior to 17.12.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-04-30 modified 2018-11-02 plugin id 118714 published 2018-11-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118714 title Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2018 CPU)
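The JQUERY_3_0_0.NASL description above states the mechanism in one sentence: with no dataType, jQuery before 3.0.0 sniffs the response Content-Type, treats text/javascript as dataType "script", and evaluates the body, even when the request went to another origin. The following is an added example, not code from the page or from the jQuery project: a constructed, simplified model of that dataType inference, alongside the ajaxPrefilter that jQuery 3.0.0 introduced for issue #2432 / PR #2588 (linked in the References) and that the RT entry refers to as the recommended local patch for jQuery 1.x. Function names, the page origin, and the attacker response are assumptions for illustration; the sniffer regexes follow jQuery's ajaxSettings.contents.

```javascript
"use strict";

// Content-Type sniffers consulted when the caller gave no dataType. The regexes
// mirror jQuery.ajaxSettings.contents plus the "script" entry from ajax/script.js.
const DEFAULT_CONTENTS = {
  xml: /\bxml\b/,
  html: /\bhtml/,
  json: /\bjson\b/,
  script: /\b(?:java|ecma)script\b/,
};

// The prefilter jQuery 3.0.0 ships (and the snippet recommended for patching
// older jQuery locally): for cross-domain requests, disable the "script" sniffer
// so a text/javascript body is delivered as text instead of being evaluated.
function crossDomainPrefilter(s) {
  if (s.crossDomain) {
    s.contents.script = false;
  }
}

// Pick a dataType the way jQuery's ajaxHandleResponses does for dataType "*":
// the first sniffer whose regex matches the Content-Type wins; a sniffer set to
// false is skipped, which is exactly what the prefilter relies on.
function inferDataType(contents, contentType) {
  for (const type of Object.keys(contents)) {
    if (contents[type] && contents[type].test(contentType)) {
      return type;
    }
  }
  return "text";
}

// Constructed stand-in for $.ajax. `pageOrigin` plays the role of document
// location, `response` is a fake {headers, body}, and `evalScript` stands in
// for jQuery.globalEval. Returns what happened to the body.
function simulateAjax(options, pageOrigin, response, prefilters, evalScript) {
  const s = {
    url: options.url,
    dataType: options.dataType || "*",
    crossDomain: new URL(options.url, pageOrigin).origin !== pageOrigin,
    // per-request copy, as jQuery deep-extends ajaxSettings for every call
    contents: Object.assign({}, DEFAULT_CONTENTS),
  };
  for (const prefilter of prefilters) prefilter(s);

  const contentType = (response.headers["content-type"] || "").toLowerCase();
  const dataType = s.dataType === "*" ? inferDataType(s.contents, contentType) : s.dataType;
  if (dataType === "script") {
    evalScript(response.body); // the "text script" converter calls globalEval here
    return { crossDomain: s.crossDomain, dataType, executed: true };
  }
  return { crossDomain: s.crossDomain, dataType, executed: false };
}

// Constructed attacker-controlled response from a foreign origin (the attacker's
// server also controls its own CORS headers, so the browser hands the body over).
const PAGE_ORIGIN = "https://app.example";
const EVIL_RESPONSE = {
  headers: { "content-type": "text/javascript; charset=utf-8" },
  body: "globalThis.__cve_2015_9251_log.push('cross-origin script ran')",
};

function runDemo() {
  globalThis.__cve_2015_9251_log = [];
  const evalScript = (src) => new Function(src)(); // stand-in for jQuery.globalEval
  const evilUrl = "https://evil.example/data";

  // 1. jQuery < 3.0.0: no dataType, no prefilter -> the body is executed.
  const vulnerable = simulateAjax({ url: evilUrl }, PAGE_ORIGIN, EVIL_RESPONSE, [], evalScript);
  // 2. With the 3.0.0 prefilter (or the local patch) -> delivered as text.
  const hardened = simulateAjax({ url: evilUrl }, PAGE_ORIGIN, EVIL_RESPONSE, [crossDomainPrefilter], evalScript);
  // 3. An explicit dataType in the caller also prevents sniffing, patch or not.
  const explicit = simulateAjax({ url: evilUrl, dataType: "json" }, PAGE_ORIGIN, EVIL_RESPONSE, [], evalScript);
  // 4. Same-origin script responses still execute with the prefilter in place.
  const sameOrigin = simulateAjax({ url: "/widgets.js" }, PAGE_ORIGIN, EVIL_RESPONSE, [crossDomainPrefilter], evalScript);

  return { vulnerable, hardened, explicit, sameOrigin, log: globalThis.__cve_2015_9251_log };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(runDemo(), null, 2));
}
```

Two practical points follow from the model. First, the precondition is an application that issues an Ajax request without dataType to a URL an attacker can influence (a redirect, a user-supplied endpoint, a link the victim is lured into clicking); code that never makes cross-domain requests, as the RT entry notes, is not directly exposed even on an old jQuery. Second, passing an explicit dataType ("json", "text") on every call closes the hole from the caller's side and is the right habit regardless of jQuery version; the prefilter fixes the library default for callers that forget.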
References
- https://snyk.io/vuln/npm:jquery:20150627
- https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2
- https://github.com/jquery/jquery/pull/2588
- https://github.com/jquery/jquery/issues/2432
- https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
- https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/105658
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://seclists.org/bugtraq/2019/May/18
- http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
- http://seclists.org/fulldisclosure/2019/May/13
- http://seclists.org/fulldisclosure/2019/May/11
- http://seclists.org/fulldisclosure/2019/May/10
- http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.tenable.com/security/tns-2019-08
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0481
- https://access.redhat.com/errata/RHSA-2020:0729
- http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
- https://security.netapp.com/advisory/ntap-20210108-0004/
- https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
- https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
- https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
- https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E