Vulnerabilities > CVE-2015-9251 - Cross-site Scripting vulnerability in multiple products

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
jquery
oracle
CWE-79
nessus

Summary

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Vulnerable Configurations

Part Description Count
Application
Jquery
266
Application
Oracle
168

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Cross-Site Scripting in Error Pages
    An attacker distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_ED8D5535CA7811E9980B999FF59C22EA.NASL
    descriptionRuby news : There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc. The following vulnerabilities have been reported. CVE-2012-6708 CVE-2015-9251
    last seen2020-06-01
    modified2020-06-02
    plugin id128404
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128404
    titleFreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128404);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2012-6708", "CVE-2015-9251");
    
      script_name(english:"FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ruby news :
    
    There are multiple vulnerabilities about Cross-Site Scripting (XSS) in
    jQuery shipped with RDoc which bundled in Ruby. All Ruby users are
    recommended to update Ruby to the latest release which includes the
    fixed version of RDoc.
    
    The following vulnerabilities have been reported.
    
    CVE-2012-6708
    
    CVE-2015-9251"
      );
      # https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1475b8d4"
      );
      # https://vuxml.freebsd.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?caf61e14"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:rubygem-rdoc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"ruby>=2.4.0,1<2.4.7,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ruby>=2.5.0,1<2.5.6,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ruby>=2.6.0,1<2.6.3,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"rubygem-rdoc<6.1.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idORACLE_WEBLOGIC_SERVER_CPU_OCT_2019.NASL
    descriptionThe version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the jquery component of the Web Services of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, insert, or delete access to some of Oracle WebLogic Server accessible data. (CVE-2015-9251) - An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An unauthenticated, remote attacker unauthorized can exploit this to gain read access to some of Oracle WebLogic Server accessible data. (CVE-2019-2887) - An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized read access to some of Oracle WebLogic Server accessible data. (CVE-2019-2888) - An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An authenticated, high priviledge remote attacker can exploit this to compromise Oracle WebLogic Server. (CVE-2019-2890) - An unspecified vulnerability in the console component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle WebLogic Server. (CVE-2019-2891) - An unspecified vulnerability in the SOAP with Attachments API for Java component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, insert, or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. (CVE-2019-2907) - An unspecified vulnerability in the ADF Faces jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle JDeveloper and ADF resulting in an unauthorized update, insert, or delete access to some of OracleJDeveloper & ADF accessible data as well as unauthorized read access to a subset of Oracle JDeveloper & ADF accessible data. (CVE-2019-11358) - An unspecified vulnerability in the Web Container jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle Service Bus resulting in an unauthorized update, insert, or delete access to some of Service Bus data as well as unauthorized read access to a subset of Oracle Service Bus accessible data. (CVE-2019-11358) - An unspecified vulnerability in the console jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle WebLogic Server resulting in an unauthorized update, insert, or delete access to some of Oracle WebLogic Server data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2019-11358) - An unspecified vulnerability in the Web Container Faces jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle Service Bus resulting in an unauthorized update, insert, or delete access to some of Oracle WebLogic Server data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2019-17091)
    last seen2020-06-01
    modified2020-06-02
    plugin id130012
    published2019-10-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130012
    titleOracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130012);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/30");
    
      script_cve_id(
        "CVE-2015-9251",
        "CVE-2019-2887",
        "CVE-2019-2888",
        "CVE-2019-2890",
        "CVE-2019-2891",
        "CVE-2019-2889",
        "CVE-2019-2907",
        "CVE-2019-11358",
        "CVE-2019-17091"
      );
      script_bugtraq_id(105658, 108023);
      script_xref(name:"IAVA", value:"2019-A-0382");
    
      script_name(english:"Oracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)");
      script_summary(english:"Checks the version of Oracle WebLogic to ensure the October 2019 CPU is applied.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application server installed on the remote host is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle WebLogic Server installed on the remote host is
    affected by multiple vulnerabilities:
    
    	-  An unspecified vulnerability in the jquery component of the 
           Web Services of Oracle Weblogic Server.  An unauthenticated, 
           remote attacker can exploit this to gain unauthorized update, 
           insert, or delete access to some of Oracle WebLogic Server 
           accessible data. (CVE-2015-9251) 
    
    	-  An unspecified vulnerability in the Web Services component of 
           Oracle Weblogic Server.  An unauthenticated, remote attacker 
           unauthorized can exploit this to gain read access to some of 
           Oracle WebLogic Server accessible data. (CVE-2019-2887)
    
        -  An unspecified vulnerability in the Web Services component of 
           Oracle Weblogic Server.  An unauthenticated, remote attacker 
           can exploit this to gain unauthorized read access to some of 
           Oracle WebLogic Server accessible data. (CVE-2019-2888)
    
        -  An unspecified vulnerability in the Web Services component of 
           Oracle Weblogic Server.  An authenticated, high priviledge 
           remote attacker can exploit this to compromise 
           Oracle WebLogic Server. (CVE-2019-2890)
    
        -  An unspecified vulnerability in the console component of 
           Oracle Weblogic Server.  An unauthenticated, remote attacker 
           can exploit this to compromise Oracle WebLogic Server. 
           (CVE-2019-2891)
    
        -  An unspecified vulnerability in the SOAP with Attachments API 
           for Java component of Oracle Weblogic Server.  An 
           unauthenticated, remote attacker can exploit this to gain
           unauthorized update, insert, or delete access to some of 
           Oracle Web Services accessible data as well as unauthorized 
           read access to a subset of Oracle Web Services accessible 
           data. (CVE-2019-2907)
           
        -  An unspecified vulnerability in the ADF Faces jQuery component
           of Oracle Weblogic Server.  An unauthenticated, remote 
           attacker can exploit this to compromise Oracle 
           JDeveloper and ADF resulting in an unauthorized update, 
           insert, or delete access to some of OracleJDeveloper & ADF 
           accessible data as well as unauthorized read access to a 
           subset of Oracle JDeveloper & ADF accessible data. 
           (CVE-2019-11358)
    
        -  An unspecified vulnerability in the Web Container jQuery 
           component of Oracle Weblogic Server.  An unauthenticated, 
           remote attacker can exploit this to compromise 
           Oracle Service Bus resulting in an unauthorized update, 
           insert, or delete access to some of Service Bus data as well 
           as unauthorized read access to a subset of Oracle Service Bus 
           accessible data. (CVE-2019-11358)
    
        -  An unspecified vulnerability in the console jQuery component 
           of Oracle Weblogic Server.  An unauthenticated, remote 
           attacker can exploit this to compromise Oracle 
           WebLogic Server resulting in an unauthorized update, insert, 
           or delete access to some of Oracle WebLogic Server data as 
           well as unauthorized read access to a subset of Oracle 
           WebLogic Server accessible data. (CVE-2019-11358)
    
        -  An unspecified vulnerability in the Web Container Faces jQuery
           component of Oracle Weblogic Server.  An unauthenticated, 
           remote attacker can exploit this to compromise 
           Oracle Service Bus resulting in an unauthorized update, 
           insert, or delete access to some of Oracle WebLogic Server 
           data as well as unauthorized read access to a subset of Oracle
           WebLogic Server accessible data. (CVE-2019-17091)");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b370bc74");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2019verbose-5072833.html#FMW
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3d73bb23");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the October 2019 Oracle
    Critical Patch Update advisory.
    
    Refer to Oracle for any additional patch instructions or
    mitigation options.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2891");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"agent", value:"all");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
      script_require_keys("installed_sw/Oracle WebLogic Server");
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('install_func.inc');
    include('obj.inc');
    include('spad_log_func.inc');
    
    app_name = "Oracle WebLogic Server";
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    ohome = install["Oracle Home"];
    subdir = install["path"];
    version = install["version"];
    
    fix = NULL;
    fix_ver = NULL;
    
    spad_log(message:"checking version [" + version + "]");
    # individual security patches
    if (version =~ "^12\.2\.1\.3($|[^0-9])")
    {
      fix_ver = "12.2.1.3.191015";
      fix = make_list("30386660");
    }
    else if (version =~ "^12\.1\.3\.")
    {
      fix_ver = "12.1.3.0.191015";
      fix = make_list("30108725");
    }
    else if (version =~ "^10\.3\.6\.")
    {
      fix_ver = "10.3.6.0.191015";
      fix = make_list("3L3H"); # patchid is obtained from the readme and 10.3.6.x assets are different
    }
    else
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
    
    spad_log(message:"checking fix [" + obj_rep(fix) + "]");
    PATCHED=FALSE;
    
    # Iterate over the list of patches and check the install for the patchID
    foreach id (fix)
    {
     spad_log(message:"Checking fix id: [" + id +"]");
     if (install[id])
     {
       PATCHED=TRUE;
       break;
     }
    }
    
    VULN=FALSE;
    if (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)
      VULN=TRUE;
    
    if (PATCHED || !VULN)
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
    
    os = get_kb_item_or_exit("Host/OS");
    if ('windows' >< tolower(os))
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    }
    else port = 0;
    
    report =
      '\n  Oracle Home    : ' + ohome +
      '\n  Install path   : ' + subdir +
      '\n  Version        : ' + version +
      '\n  Fixes          : ' + join(sep:", ", fix);
    
    security_report_v4(extra:report, severity:SECURITY_WARNING, port:port);
    
  • NASL familyMisc.
    NASL idORACLE_BI_PUBLISHER_JUL_2019_CPU.NASL
    descriptionThe version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.190716 or 12.2.1.4.x prior to 12.2.1.4.190716. It is, therefore, affected by multiple vulnerabilities as noted in the July 2019 Critical Patch Update advisory: - An unspecified vulnerability in the BI Publisher Security component of Oracle BI Publisher (formerly XML Publisher) that could allow a privileged attacker with network access via HTTP to compromise Oracle BI Publisher . A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. The attack requires human interaction. (CVE-2019-2771) - An unspecified vulnerability in the Web Service API component of Oracle BI Publisher (formerly XML Publisher) that could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher . A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2019-2742) - An unspecified vulnerability in the BI Platform Security (jQuery) component of Oracle BI Publisher (formerly XML Publisher) that could allow a unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher . A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. The attack requires human interaction. (CVE-2015-9251) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-05-31
    modified2019-07-17
    plugin id126776
    published2019-07-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126776
    titleOracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2019 CPU)
  • NASL familyWeb Servers
    NASL idIBM_TEM_9_5_12.NASL
    descriptionAccording to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.5.x prior to 9.5.12. It is, therefore, affected by multiple vulnerabilities : - An arbitrary file upload vulnerability exists in IBM BigFix Platform. An authenticated, remote attacker can exploit this to upload arbitrary files on the remote host as the root user. (CVE-2019-4013) - An information disclosure vulnerability exists in IBM BigFix Platform due to the PortSmash side-channel attack against processors leveraging SMT/Hyper-Threading. An authenticated, local attacker can exploit this to disclose potentially sensitive information. (CVE-2018-5407) - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id124565
    published2019-05-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124565
    titleIBM BigFix Platform 9.5.x < 9.5.12 Multiple Vulnerabilities
  • NASL familyMisc.
    NASL idORACLE_OATS_CPU_JAN_2019.NASL
    descriptionThe version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000) - Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732) - Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732) - Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) - Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3305) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718) - Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id121257
    published2019-01-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121257
    titleOracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2019.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 15.x or 16.x prior to 16.2.15.9 or 17.7.x prior to 17.12.11 or 18.x prior to 18.8.11. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability exists in the Apache Solr subcomponent of Primavera Unifier. An unauthenticated, remote attacker can exploit this, via a specially crafted request to the Solr Config API, to execute arbitrary code on the target host. (CVE-2019-0192) - A denial of service (DoS) vulnerability exists in the Apache Tika subcomponent of Primavera Unifier due to incorrect parsing of a crafted sqlite file. An unauthenticated, remote attacker can exploit this issue by convincing a user to open a specially crafted file to cause the application to stop responding. (CVE-2018-17197) - A server side request forgery exists in the Apache Solr subcomponent of Primavera Unifier. An unauthenticated remote attacker can exploit this issue to make Solr perform an HTTP GET request to any reachable URL. (CVE-2017-3164) - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id126829
    published2019-07-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126829
    titleOracle Primavera Unifier Multiple Vulnerabilities (Jul 2019 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0737-1.NASL
    descriptionThis update for ruby2.5 toversion 2.5.7 fixes the following issues : ruby 2.5 was updated to version 2.5.7 CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). CVE-2012-6708: Fixed an XSS in JQuery CVE-2015-9251: Fixed an XSS in JQuery Fixed unit tests (bsc#1140844) Removed some unneeded test files (bsc#1162396). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-23
    plugin id134824
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134824
    titleSUSE SLED15 / SLES15 Security Update : Recommended update for ruby2.5 (SUSE-SU-2020:0737-1)
  • NASL familyMisc.
    NASL idORACLE_BI_PUBLISHER_OCT_2019_CPU.NASL
    descriptionThe version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.191015 or 12.2.1.3.x prior to 12.2.1.3.191015 or 12.2.1.4.x prior to 12.2.1.4.191015. It is, therefore, affected by multiple vulnerabilities as noted in the October 2019 Critical Patch Update advisory: - An unspecified vulnerability in the Installation component of Oracle BI Publisher that allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2019-2905) - An unspecified vulnerability in the MobileService component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise BI Publisher. A successful attack requires human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. (CVE-2019-2906) - An unspecified vulnerability in the BI PublisherSecurity component of Oracle BI Publisher could allow a low privileged attacker with networkaccess via HTTP to compromise Oracle BI Publisher. A successful attack of this vulnerability canresult in unauthorized read access to a subset of BIPublisher accessible data (CVE-2019-2898) - An unspecified vulnerability in the Analytics Actions component of Oracle BI Publisher could allow a low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. (CVE-2019-2897) - An unspecified vulnerability in the Secure Store (OpenSSL) component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTPS to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher data. (CVE-2019-1559) - An unspecified vulnerability in the BI Platform Security (JQuery) component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. (CVE-2016-7103) - An unspecified vulnerability in the Analytics Actions component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2019-2900) - An unspecified vulnerability in the BI Platform Security component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. (CVE-2019-3012) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-05-31
    modified2019-11-06
    plugin id130589
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130589
    titleOracle Business Intelligence Publisher Multiple Vulnerabilities (Oct 2019 CPU)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attacks requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. (CVE-2015-9251) - An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732) - An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id131184
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131184
    titleOracle Enterprise Manager Ops Center (Jan 2019 CPU)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-395.NASL
    descriptionThis update for ruby2.5 toversion 2.5.7 fixes the following issues: &#9; ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-04-07
    modified2020-04-02
    plugin id135161
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135161
    titleopenSUSE Security Update : ruby2.5 (openSUSE-2020-395)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_416CA0F43FE011E9BBDD6805CA0B3D42.NASL
    descriptionBestPractical reports : The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version.
    last seen2020-06-01
    modified2020-06-02
    plugin id122657
    published2019-03-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122657
    titleFreeBSD : rt -- XSS via jQuery (416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42)
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2020.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the following: - Two Polymorphic Typing issues present in FasterXML jackson-databind related to com.zaxxer.hikari.HikariDataSource which can be exploited by remote, unauthenticated attackers. (CVE-2019-16335, CVE-2019-14540) - A man-in-the-middle vulnerability caused by the getCN function in Apache Axis not properly verifying that the server hostname matches a domain name in the subject
    last seen2020-05-08
    modified2020-01-15
    plugin id132936
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132936
    titleOracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)
  • NASL familyCGI abuses : XSS
    NASL idJQUERY_3_0_0.NASL
    descriptionThe version of JQuery library hosted on the remote web server is prior to 3.0.0. It is, therefore, affected by a cross site scripting vulnerability when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed
    last seen2020-06-01
    modified2020-06-02
    plugin id125152
    published2019-05-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125152
    titleJQuery < 3.0.0 XSS
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2018.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.15, 16.x prior to 16.2.8, or 17.x prior to 17.12.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-04-30
    modified2018-11-02
    plugin id118714
    published2018-11-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118714
    titleOracle Primavera Gateway Multiple Vulnerabilities (Oct 2018 CPU)

Redhat

advisories
  • rhsa
    idRHSA-2020:0481
  • rhsa
    idRHSA-2020:0729

References