CVE-2016-1000031 - Improper Access Control vulnerability in Apache Commons Fileupload
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 10 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Embedding Scripts within Scripts: An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side; client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
- Signature Spoofing by Key Theft: An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family: CGI abuses
NASL id: ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL
description: According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities:
  - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031)
  - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763).
  - A deserialization vulnerability in jackson-databind, a fast and powerful JSON library for Java, allows an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. (CVE-2018-19362)
  Note that Nessus has not tested for these issues but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124170
published: 2019-04-19
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124170
title: Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124170);
  script_version("1.3");
  script_cvs_date("Date: 2019/10/18 8:01:08");

  script_cve_id(
    "CVE-2016-1000031",
    "CVE-2017-9798",
    "CVE-2018-8034",
    "CVE-2018-11763",
    "CVE-2018-11784",
    "CVE-2018-19360",
    "CVE-2018-19361",
    "CVE-2018-19362"
  );
  script_bugtraq_id(
    93604,
    100872,
    104895,
    105414,
    105524
  );

  script_name(english:"Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)");
  script_summary(english:"Checks the version of Oracle Primavera Unifier.");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Oracle Primavera
Unifier installation running on the remote web server is 16.x prior to
16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is,
therefore, affected by multiple vulnerabilities:

  - A deserialization vulnerability in Apache Commons
    FileUpload allows for remote code execution.
    (CVE-2016-1000031)

  - A denial of service (DoS) vulnerability exists in Apache
    HTTP Server 2.4.17 to 2.4.34, due to a design error. An
    unauthenticated, remote attacker can exploit this issue
    by sending continuous, large SETTINGS frames to cause a
    client to occupy a connection, server thread and CPU
    time without any connection timeout coming to effect.
    This affects only HTTP/2 connections. A possible
    mitigation is to not enable the h2 protocol.
    (CVE-2018-11763).

  - A deserialization vulnerability in jackson-databind, a
    fast and powerful JSON library for Java, allows an
    unauthenticated user to perform code execution. The
    issue was resolved by extending the blacklist and
    blocking more classes from polymorphic deserialization.
    (CVE-2018-19362)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle Primavera Unifier version 16.2.15.7 / 17.12.10 / 18.8.6
or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:primavera_unifier");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_primavera_unifier.nbin");
  script_require_keys("installed_sw/Oracle Primavera Unifier", "www/weblogic");
  script_require_ports("Services/www", 8002);

  exit(0);
}

include("http.inc");
include("vcf.inc");

get_install_count(app_name:"Oracle Primavera Unifier", exit_if_zero:TRUE);

port = get_http_port(default:8002);
get_kb_item_or_exit("www/weblogic/" + port + "/installed");

app_info = vcf::get_app_info(app:"Oracle Primavera Unifier", port:port);

vcf::check_granularity(app_info:app_info, sig_segments:3);

constraints = [
  { "min_version" : "16.1.0.0", "fixed_version" : "16.2.15.7" },
  { "min_version" : "17.7.0.0", "fixed_version" : "17.12.10" },
  { "min_version" : "18.8.0.0", "fixed_version" : "18.8.6" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
```

NASL family: Misc.
NASL id: ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL
description: The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:
  - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031)
  - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734)
  - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763).
  - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125147
published: 2019-05-15
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125147
title: Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125147);
  script_version("1.2");
  script_cvs_date("Date: 2019/05/17 9:44:17");

  script_cve_id(
    "CVE-2016-1000031",
    "CVE-2018-0161",
    "CVE-2018-0734",
    "CVE-2018-0735",
    "CVE-2018-5407",
    "CVE-2018-11763",
    "CVE-2017-9798",
    "CVE-2018-1258",
    "CVE-2018-11039",
    "CVE-2018-11040",
    "CVE-2018-1257",
    "CVE-2018-15756"
  );
  script_bugtraq_id(
    93604,
    100872,
    103573,
    104222,
    104260,
    105414,
    105703,
    105750,
    105758,
    105897,
    107984,
    107986
  );
  script_xref(name:"IAVA", value:"2019-A-0130");

  script_name(english:"Oracle Enterprise Manager Ops Center (Apr 2019 CPU)");
  script_summary(english:"Checks for the patch ID.");

  script_set_attribute(attribute:"synopsis", value:
"An enterprise management application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Enterprise Manager Cloud Control installed on
the remote host is affected by multiple vulnerabilities in
Enterprise Manager Base Platform component:

  - A deserialization vulnerability in Apache Commons
    FileUpload allows for remote code execution.
    (CVE-2016-1000031)

  - An information disclosure vulnerability exists in OpenSSL
    due to the potential for a side-channel timing attack.
    An unauthenticated attacker can exploit this to disclose
    potentially sensitive information. (CVE-2018-0734)

  - A denial of service (DoS) vulnerability exists in Apache
    HTTP Server 2.4.17 to 2.4.34, due to a design error. An
    unauthenticated, remote attacker can exploit this issue
    by sending continuous, large SETTINGS frames to cause a
    client to occupy a connection, server thread and CPU
    time without any connection timeout coming to effect.
    This affects only HTTP/2 connections. A possible
    mitigation is to not enable the h2 protocol.
    (CVE-2018-11763).

  - Networking component of Enterprise Manager Base Platform
    (Spring Framework) is easily exploited and may allow an
    unauthenticated, remote attacker to takeover the
    Enterprise Manager Base Platform. (CVE-2018-1258)

");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2019
Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
  script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");

  exit(0);
}

include('global_settings.inc');
include('misc_func.inc');
include('install_func.inc');

get_kb_item_or_exit('Host/local_checks_enabled');
app_name = 'Oracle Enterprise Manager Ops Center';

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
version_full = install['Full Patch Version'];
path = install['path'];
patch_version = install['Patch Version'];

patchid = NULL;
fix = NULL;

if (version_full =~ "^12\.3\.3\.")
{
  patchid = '29623885';
  fix = '1819';
}

if (isnull(patchid))
  audit(AUDIT_HOST_NOT, 'affected');

if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);

report =
  '\n Path : ' + path +
  '\n Version : ' + version +
  '\n Ops Agent Version : ' + version_full +
  '\n Current Patch : ' + patch_version +
  '\n Fixed Patch Version : ' + fix +
  '\n Fix : ' + patchid;

security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);
```

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-1399.NASL
description: This update for jakarta-commons-fileupload fixes the following issue :
  Security issue fixed :
  - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829).
  This update was imported from the SUSE:SLE-15:Update update project.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125212
published: 2019-05-16
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125212
title: openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)
code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1399.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(125212);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/15");

  script_cve_id("CVE-2016-1000031");
  script_xref(name:"TRA", value:"TRA-2016-12");

  script_name(english:"openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)");
  script_summary(english:"Check for the openSUSE-2019-1399 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for jakarta-commons-fileupload fixes the following issue :

Security issue fixed :

  - CVE-2016-1000031: Fixed remote execution (bsc#1128963,
    bsc#1128829).

This update was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128829"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128963"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.tenable.com/security/research/tra-2016-12"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected jakarta-commons-fileupload packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"jakarta-commons-fileupload-1.1.1-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"jakarta-commons-fileupload-javadoc-1.1.1-lp150.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc");
}
```

NASL family: Windows
NASL id: ORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL
description: Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities :
  - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host. (CVE-2016-6814)
  - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2016-1000031)
  - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop functioning properly. (CVE-2018-8013)
  - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with a high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765)
  Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
last seen: 2020-05-03
modified: 2020-04-29
plugin id: 136091
published: 2020-04-29
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136091
title: Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136091);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/27");

  script_cve_id(
    "CVE-2016-6814",
    "CVE-2016-1000031",
    "CVE-2018-8013",
    "CVE-2018-15756"
  );
  script_xref(name:"IAVA", value:"2019-A-0256");

  script_name(english:"Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple security vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities :

  - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware
    (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An
    unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host.
    (CVE-2016-6814)

  - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
    Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An
    unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.
    (CVE-2016-1000031)

  - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
    Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An
    unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop
    functioning properly. (CVE-2018-8013)

  - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
    Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with a
    high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can exploit
    this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2019.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_webcenter_sites_installed.nbin");
  script_require_keys("SMB/WebCenter_Sites/Installed");

  exit(0);
}

get_kb_item_or_exit('SMB/WebCenter_Sites/Installed');

port = get_kb_item('SMB/transport');
if (isnull(port))
  port = 445;

versions = get_kb_list('SMB/WebCenter_Sites/*/Version');
if (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');

report = '';

# vulnerable versions:
# - 12.2.1.3.0 - Revision 185862, Patch 29957990
# Note that the revision does not match up with the version suffix shown in the readme
foreach key (keys(versions))
{
  fix = '';

  version = versions[key];
  revision = get_kb_item(key - '/Version' + '/Revision');
  path = get_kb_item(key - '/Version' + '/Path');

  if (isnull(version) || isnull(revision)) continue;

  # Patch 29957990 - 12.2.1.3.0 < Revision 185862
  if (version =~ "^12\.2\.1\.3\.0$" && revision < 185862)
  {
    fix = '\n Fixed revision : 185862' +
          '\n Required patch : 29957990';
  }

  if (fix != '')
  {
    if (!isnull(path)) report += '\n Path : ' + path;
    report += '\n Version : ' + version +
              '\n Revision : ' + revision +
              fix + '\n';
  }
}

if (report != '')
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
else
  audit(AUDIT_INST_VER_NOT_VULN, "Oracle WebCenter Sites");
```

NASL family: Misc.
NASL id: ORACLE_OATS_CPU_JUL_2019.NASL
description: The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities:
  - A deserialization vulnerability exists in Apache Commons FileUpload library. An unauthenticated, remote attacker can exploit this, via customized Java serialised object, to execute arbitrary code on the target host. (CVE-2016-1000031)
  - An unspecified vulnerability in the Load Testing for Web Apps component of Oracle Application Testing Suite, which could allow an unauthenticated, remote attacker to read, update, or delete Oracle Application Testing Suite accessible data and gives an ability to cause a partial denial of service (partial DOS). (CVE-2019-2727)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 126788
published: 2019-07-19
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/126788
title: Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(126788);
  script_version("1.2");
  script_cvs_date("Date: 2019/10/18 23:14:15");

  script_cve_id("CVE-2016-1000031", "CVE-2019-2727");
  script_bugtraq_id(93604, 109183);
  script_xref(name:"TRA", value:"TRA-2016-12");

  script_name(english:"Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)");
  script_summary(english:"Checks version of Oracle Application Testing suite");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Application Testing Suite installed on the
remote host is affected by multiple vulnerabilities:

  - A deserialization vulnerability exists in Apache Commons
    FileUpload library. An unauthenticated, remote attacker
    can exploit this, via customized Java serialised object,
    to execute arbitrary code on the target host.
    (CVE-2016-1000031)

  - An unspecified vulnerability in the Load Testing for Web
    Apps component of Oracle Application Testing Suite,
    which could allow an unauthenticated, remote attacker to
    read, update, or delete Oracle Application Testing Suite
    accessible data and gives an ability to cause a partial
    denial of service (partial DOS). (CVE-2019-2727)");
  # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixEM
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a3c39eb");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2019 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2727");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:application_testing_suite");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_application_testing_suite_installed.nbin");
  script_require_keys("installed_sw/Oracle Application Testing Suite");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('smb_func.inc');
include('install_func.inc');

app_name = 'Oracle Application Testing Suite';

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
ohome = install['Oracle Home'];
subdir = install['path'];
version = install['version'];

fix = NULL;
fix_ver = NULL;

# individual security patches
if (version =~ "^13\.3\.0\.1\.")
{
  fix_ver = '13.3.0.1.322';
  fix = '29920866';
}
else if (version =~ "^13\.2\.0\.1\.")
{
  fix_ver = '13.2.0.1.241';
  fix = '29920864';
}
else if (version =~ "^13\.1\.0\.1\.")
{
  fix_ver = '13.1.0.1.429';
  fix = '29907188';
}
else
  # flag all 12.5.0.3.x
  fix_ver = '12.5.0.3.999999';

# Vulnerable versions that need to patch
if (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)
{
  report =
    '\n Oracle home : ' + ohome +
    '\n Install path : ' + subdir +
    '\n Version : ' + version;
  if (!isnull(fix))
    report += '\n Required patch : ' + fix + '\n';
  else
    report += '\n Upgrade to 13.1.0.1 / 13.2.0.1 / 13.3.0.1 and apply the ' +
              'appropriate patch according to the July 2019 Oracle ' +
              'Critical Patch Update advisory.' + '\n';

  security_report_v4(extra:report, port:0, severity:SECURITY_HOLE);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
```

- NASL family: Misc.
- NASL id: STRUTS_2_5_12.NASL
- description: The version of Apache Struts running on the remote host is 2.5.x prior to 2.5.12. It is, therefore, affected by multiple vulnerabilities:
  - A denial of service vulnerability exists when handling a specially crafted URL in a form field when the built-in URL validator is used. An unauthenticated, remote attacker can exploit this to cause the server process to overload. Note that this issue only affects version 2.5.x. (CVE-2017-7672)
  - A flaw exists in unspecified Spring AOP functionality that is used to secure Struts actions. An authenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-9787)
  - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. (CVE-2016-1000031)

  Note that Nessus has not tested for these issues but has instead relied only on the application
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 101548
- published: 2017-07-14
- reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/101548
- title: Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)
- code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(101548);
      script_version("1.13");
      script_cvs_date("Date: 2019/02/15 10:32:14");

      script_cve_id(
        "CVE-2016-1000031",
        "CVE-2017-7672",
        "CVE-2017-9787"
      );
      script_bugtraq_id(
        93604,
        99562,
        99563
      );
      script_xref(name:"TRA", value:"TRA-2016-12");
      script_xref(name:"IAVA", value:"2018-A-0355");

      script_name(english:"Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)");
      script_summary(english:"Checks the Struts 2 version.");

      script_set_attribute(attribute:"synopsis", value:
    "A web application running on the remote host uses a Java framework that is affected by multiple denial of service vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apache Struts running on the remote host is 2.5.x prior to 2.5.12. It is, therefore, affected by multiple vulnerabilities :

      - A denial of service vulnerability exists when handling a specially crafted URL in a form field when the built-in URL validator is used. An unauthenticated, remote attacker can exploit this to cause the server process to overload. Note that this issue only affects version 2.5.x. (CVE-2017-7672)

      - A flaw exists in unspecified Spring AOP functionality that is used to secure Struts actions. An authenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-9787)

      - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. (CVE-2016-1000031)

    Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.12");
      script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/S2-047");
      script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/S2-049");
      script_set_attribute(attribute:"see_also", value:"https://issues.apache.org/jira/browse/WW-4812");
      script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2016-12");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache Struts version 2.5.12 or later. Alternatively, apply the workaround referenced in the vendor advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/14");

      script_set_attribute(attribute:"agent", value:"all");
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:struts");
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");

      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("os_fingerprint.nasl", "struts_detect_win.nbin", "struts_detect_nix.nbin", "struts_config_browser_detect.nbin");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("installed_sw/Apache Struts","installed_sw/Struts");

      exit(0);
    }

    include("vcf.inc");

    if (report_paranoia < 2) audit(AUDIT_PARANOID);

    app_info = vcf::combined_get_app_info(app:"Apache Struts");

    vcf::check_granularity(app_info:app_info, sig_segments:3);

    constraints = [
      { "min_version" : "2.5.0", "fixed_version" : "2.5.12" }
    ];

    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL
- description: Apache Axis2 reports : The commons-fileupload dependency has been updated to a version that fixes CVE-2016-1000031 (AXIS2-5853).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 102280
- published: 2017-08-09
- reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/102280
- title: FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)
- code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    # copyright notice, this list of conditions and the following
    # disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    # published online in any format, converted to PDF, PostScript,
    # RTF and other formats) must reproduce the above copyright
    # notice, this list of conditions and the following disclaimer
    # in the documentation and/or other materials provided with the
    # distribution.
    #
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(102280);
      script_version("3.5");
      script_cvs_date("Date: 2018/11/10 11:49:46");

      script_cve_id("CVE-2016-1000031");
      script_xref(name:"TRA", value:"TRA-2016-12");

      script_name(english:"FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)");
      script_summary(english:"Checks for updated package in pkg_info output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Apache Axis2 reports : The commons-fileupload dependency has been updated to a version that fixes CVE-2016-1000031 (AXIS2-5853)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://issues.apache.org/jira/browse/AXIS2-5853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://issues.apache.org/jira/browse/FILEUPLOAD-279"
      );
      # https://vuxml.freebsd.org/freebsd/c1265e85-7c95-11e7-93af-005056925db4.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d63db941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.tenable.com/security/research/tra-2016-12"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:axis2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/09");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

      exit(0);
    }

    include("audit.inc");
    include("freebsd_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (pkg_test(save_report:TRUE, pkg:"axis2<1.7.6")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

- NASL family: Misc.
- NASL id: STRUTS_2_3_36_FILEUPLOAD.NASL
- description: The version of Apache Struts running on the remote host is 2.3.36 or prior. It is, therefore, affected by the following vulnerability:
  - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. (CVE-2016-1000031)

  Note that Nessus has not tested for these issues but has instead relied only on the application
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 118732
- published: 2018-11-05
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/118732
- title: Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability

- NASL family: Misc.
- NASL id: ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL
- description: The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.200414 or 12.2.1.3.x prior to 12.2.1.3.200414 or 12.2.1.4.x prior to 12.2.1.4.200414. It is, therefore, affected by multiple vulnerabilities as noted in the April 2020 Critical Patch Update advisory:
  - An unspecified vulnerability in the Analytics Web General component of Oracle BI Publisher. An easily exploitable vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2020-2950)
  - The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an invalid curve attack. (CVE-2015-7940)
  - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution (CVE-2016-1000031)

  Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-05-23
- modified: 2020-04-16
- plugin id: 135678
- published: 2020-04-16
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/135678
- title: Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2020 CPU)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_D70C9E18F34011E8BE460019DBB15B3F.NASL
- description:
  - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution.
  - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).
  - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).
  - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).
  - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).
  - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 119274
- published: 2018-11-29
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/119274
- title: FreeBSD : payara -- Multiple vulnerabilities (d70c9e18-f340-11e8-be46-0019dbb15b3f)

- NASL family: CGI abuses
- NASL id: ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL
- description: According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is, therefore, affected by multiple vulnerabilities:
  - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031)
  - A denial of service vulnerability in the bundled third-party component OpenSSL library
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 124169
- published: 2019-04-19
- reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/124169
- title: Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)

References
- http://www.securityfocus.com/bid/93604
- https://www.tenable.com/security/research/tra-2016-30
- http://www.zerodayinitiative.com/advisories/ZDI-16-570/
- https://issues.apache.org/jira/browse/FILEUPLOAD-279
- https://www.tenable.com/security/research/tra-2016-23
- https://www.tenable.com/security/research/tra-2016-12
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://issues.apache.org/jira/browse/WW-4812
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://security.netapp.com/advisory/ntap-20190212-0001/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E