CVE-2016-1000031 - Improper Access Control vulnerability in Apache Commons Fileupload

CVSS 9.8 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, low complexity, apache, CWE-284, critical, nessus

Summary

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Embedding Scripts within Scripts
    An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side; client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: CGI abuses
    NASL id: ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL
    description: According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - A deserialization vulnerability in jackson-databind, a fast and powerful JSON library for Java, allows an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. (CVE-2018-19362) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124170
    published: 2019-04-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124170
    title: Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124170);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/18  8:01:08");
    
      script_cve_id(
        "CVE-2016-1000031",
        "CVE-2017-9798",
        "CVE-2018-8034",
        "CVE-2018-11763",
        "CVE-2018-11784",
        "CVE-2018-19360",
        "CVE-2018-19361",
        "CVE-2018-19362"
      );
      script_bugtraq_id(
        93604,
        100872,
        104895,
        105414,
        105524
      );
    
      script_name(english:"Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)");
      script_summary(english:"Checks the version of Oracle Primavera Unifier.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application running on the remote web server is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the Oracle Primavera
    Unifier installation running on the remote web server is 16.x prior to
    16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, 
    therefore, affected by multiple vulnerabilities:
    
      - A deserialization vulnerability in Apache Commons
        FileUpload allows for remote code execution.
        (CVE-2016-1000031)
    
      - A denial of service (DoS) vulnerability exists in
        Apache HTTP Server 2.4.17 to 2.4.34, due to a design
        error. An unauthenticated, remote attacker can
        exploit this issue by sending continuous, large
        SETTINGS frames to cause a client to occupy a
        connection, server thread and CPU time without any
        connection timeout coming to effect. This affects
        only HTTP/2 connections. A possible mitigation is to
        not enable the h2 protocol. (CVE-2018-11763).
    
      - A deserialization vulnerability in jackson-databind, a
        fast and powerful JSON library for Java, allows an
        unauthenticated user to perform code execution. The
        issue was resolved by extending the blacklist and
        blocking more classes from polymorphic deserialization.
        (CVE-2018-19362)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle Primavera Unifier version 16.2.15.7 / 17.12.10 / 18.8.6 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/19");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:primavera_unifier");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_primavera_unifier.nbin");
      script_require_keys("installed_sw/Oracle Primavera Unifier", "www/weblogic");
      script_require_ports("Services/www", 8002);
    
      exit(0);
    }
    
    include("http.inc");
    include("vcf.inc");
    
    get_install_count(app_name:"Oracle Primavera Unifier", exit_if_zero:TRUE);
    
    port = get_http_port(default:8002);
    get_kb_item_or_exit("www/weblogic/" + port + "/installed");
    
    app_info = vcf::get_app_info(app:"Oracle Primavera Unifier", port:port);
    
    vcf::check_granularity(app_info:app_info, sig_segments:3);
    
    constraints = [
      { "min_version" : "16.1.0.0", "fixed_version" : "16.2.15.7" },
      { "min_version" : "17.7.0.0", "fixed_version" : "17.12.10" },
      { "min_version" : "18.8.0.0", "fixed_version" : "18.8.6" }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE); 
    
  • NASL family: Misc.
    NASL id: ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL
    description: The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734) - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to take over the Enterprise Manager Base Platform. (CVE-2018-1258)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125147
    published: 2019-05-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125147
    title: Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125147);
      script_version("1.2");
      script_cvs_date("Date: 2019/05/17  9:44:17");
    
      script_cve_id(
        "CVE-2016-1000031",
        "CVE-2018-0161",
        "CVE-2018-0734",
        "CVE-2018-0735",
        "CVE-2018-5407",
        "CVE-2018-11763",
        "CVE-2017-9798",
        "CVE-2018-1258",
        "CVE-2018-11039",
        "CVE-2018-11040",
        "CVE-2018-1257",
        "CVE-2018-15756"
      );
    
      script_bugtraq_id(
        93604,
        100872,
        103573,
        104222,
        104260,
        105414,
        105703,
        105750,
        105758,
        105897,
        107984,
        107986
      );
      script_xref(name:"IAVA", value:"2019-A-0130");
    
      script_name(english:"Oracle Enterprise Manager Ops Center (Apr 2019 CPU)");
      script_summary(english:"Checks for the patch ID.");
      script_set_attribute(attribute:"synopsis", value:
    "An enterprise management application installed on the remote host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Enterprise Manager Cloud Control installed on
    the remote host is affected by multiple vulnerabilities in
    Enterprise Manager Base Platform component:
    
      - A deserialization vulnerability in Apache Commons
        FileUpload allows for remote code execution.
        (CVE-2016-1000031)
    
      - An information disclosure vulnerability exists in OpenSSL
        due to the potential for a side-channel timing attack.
        An unauthenticated attacker can exploit this to disclose
        potentially sensitive information. (CVE-2018-0734)
    
      - A denial of service (DoS) vulnerability exists in Apache
        HTTP Server 2.4.17 to 2.4.34, due to a design error. An
        unauthenticated, remote attacker can exploit this issue
        by sending continuous, large SETTINGS frames to cause a
        client to occupy a connection, server thread and CPU
        time without any connection timeout coming to effect.
        This affects only HTTP/2 connections. A possible
        mitigation is to not enable the h2 protocol.
        (CVE-2018-11763).
    
      - Networking component of Enterprise Manager Base Platform
        (Spring Framework) is easily exploited and may allow an
        unauthenticated, remote attacker to take over the
        Enterprise Manager Base Platform. (CVE-2018-1258)
    
    ");
      # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the April 2019
    Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"agent", value:"unix");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
      script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");
    
      exit(0);
    }
    
    include('global_settings.inc');
    include('misc_func.inc');
    include('install_func.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    app_name = 'Oracle Enterprise Manager Ops Center';
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    version = install['version'];
    version_full = install['Full Patch Version'];
    path = install['path'];
    patch_version = install['Patch Version'];
    
    
    patchid = NULL;
    fix = NULL;
    
    if (version_full =~ "^12\.3\.3\.")
    {
      patchid = '29623885';
      fix = '1819';
    } 
    
    if (isnull(patchid))
      audit(AUDIT_HOST_NOT, 'affected');
    
    if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);
    
    report = 
      '\n Path                : ' + path + 
      '\n Version             : ' + version + 
      '\n Ops Agent Version   : ' + version_full + 
      '\n Current Patch       : ' + patch_version + 
      '\n Fixed Patch Version : ' + fix +
      '\n Fix                 : ' + patchid;
    
    security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1399.NASL
    description: This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125212
    published: 2019-05-16
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125212
    title: openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1399.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125212);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2016-1000031");
      script_xref(name:"TRA", value:"TRA-2016-12");
    
      script_name(english:"openSUSE Security Update : jakarta-commons-fileupload (openSUSE-2019-1399)");
      script_summary(english:"Check for the openSUSE-2019-1399 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for jakarta-commons-fileupload fixes the following issue :
    
    Security issue fixed :
    
      - CVE-2016-1000031: Fixed remote execution (bsc#1128963,
        bsc#1128829).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128963"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.tenable.com/security/research/tra-2016-12"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected jakarta-commons-fileupload packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:jakarta-commons-fileupload-javadoc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"jakarta-commons-fileupload-1.1.1-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"jakarta-commons-fileupload-javadoc-1.1.1-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jakarta-commons-fileupload / jakarta-commons-fileupload-javadoc");
    }
    
  • NASL family: Windows
    NASL id: ORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL
    description: Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities : - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host. (CVE-2016-6814) - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2016-1000031) - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop functioning properly. (CVE-2018-8013) - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with a high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen: 2020-05-03
    modified: 2020-04-29
    plugin id: 136091
    published: 2020-04-29
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136091
    title: Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136091);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/27");
    
      script_cve_id(
        "CVE-2016-6814",
        "CVE-2016-1000031",
        "CVE-2018-8013",
        "CVE-2018-15756"
      );
      script_xref(name:"IAVA", value:"2019-A-0256");
    
      script_name(english:"Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application running on the remote host is affected by multiple security vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities :
    
      - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware
        (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An
        unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host.
        (CVE-2016-6814)
    
      - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
        Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An
        unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.
        (CVE-2016-1000031)
    
      - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
        Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An
        unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop
        functioning properly. (CVE-2018-8013)
    
      - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
        Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with
        a high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can
        exploit this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765)
    
    Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
    self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2019.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_webcenter_sites_installed.nbin");
      script_require_keys("SMB/WebCenter_Sites/Installed");
    
      exit(0);
    }
    
    get_kb_item_or_exit('SMB/WebCenter_Sites/Installed');
    
    port = get_kb_item('SMB/transport');
    if (isnull(port))
      port = 445;
    
    versions = get_kb_list('SMB/WebCenter_Sites/*/Version');
    if (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');
    
    report = '';
    
    # vulnerable versions: 
    # - 12.2.1.3.0 - Revision 185862, Patch 29957990
    #     Note that the revision does not match up with the version suffix shown in the readme
    
    foreach key (keys(versions))
    {
      fix = '';
    
      version = versions[key];
      revision = get_kb_item(key - '/Version' + '/Revision');
      path = get_kb_item(key - '/Version' + '/Path');
    
      if (isnull(version) || isnull(revision)) continue;
    
      # Patch 29957990 - 12.2.1.3.0 < Revision 185862
      if (version =~ "^12\.2\.1\.3\.0$" && revision < 185862)
      {
        fix = '\n  Fixed revision : 185862' +
              '\n  Required patch : 29957990';
      }
    
      if (fix != '')
      {
        if (!isnull(path)) report += '\n  Path           : ' + path;
        report += '\n  Version        : ' + version +
                  '\n  Revision       : ' + revision +
                  fix + '\n';
      }
    }
    
    if (report != '') security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
    else audit(AUDIT_INST_VER_NOT_VULN, "Oracle WebCenter Sites");
    
  • NASL family: Misc.
    NASL id: ORACLE_OATS_CPU_JUL_2019.NASL
    description: The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: - A deserialization vulnerability exists in Apache Commons FileUpload library. An unauthenticated, remote attacker can exploit this, via customized Java serialised object, to execute arbitrary code on the target host. (CVE-2016-1000031) - An unspecified vulnerability in the Load Testing for Web Apps component of Oracle Application Testing Suite, which could allow an unauthenticated, remote attacker to read, update, or delete Oracle Application Testing Suite accessible data and gives an ability to cause a partial denial of service (partial DOS). (CVE-2019-2727)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126788
    published: 2019-07-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126788
    title: Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126788);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/18 23:14:15");
    
      script_cve_id("CVE-2016-1000031", "CVE-2019-2727");
      script_bugtraq_id(93604, 109183);
      script_xref(name:"TRA", value:"TRA-2016-12");
    
      script_name(english:"Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)");
      script_summary(english:"Checks version of Oracle Application Testing suite");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: 
    
      - A deserialization vulnerability exists in Apache Commons FileUpload library. An unauthenticated, remote attacker
        can exploit this, via customized Java serialised object, to execute arbitrary code on the target host.
        (CVE-2016-1000031)
    
      - An unspecified vulnerability in the Load Testing for Web Apps component of Oracle Application Testing Suite, which
        could allow an unauthenticated, remote attacker to read, update, or delete Oracle Application Testing Suite 
        accessible data and gives an ability to cause a partial denial of service (partial DOS). (CVE-2019-2727)");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixEM
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a3c39eb");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2727");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:application_testing_suite");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_application_testing_suite_installed.nbin");
      script_require_keys("installed_sw/Oracle Application Testing Suite");
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('smb_func.inc');
    include('install_func.inc');
    
    app_name = 'Oracle Application Testing Suite';
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    ohome = install['Oracle Home'];
    subdir = install['path'];
    version = install['version'];
    
    fix = NULL;
    fix_ver = NULL;
    
    # individual security patches
    if (version =~ "^13\.3\.0\.1\.")
    {
      fix_ver = '13.3.0.1.322';
      fix = '29920866';
    }
    else if (version =~ "^13\.2\.0\.1\.")
    {
      fix_ver = '13.2.0.1.241';
      fix = '29920864';
    }
    else if (version =~ "^13\.1\.0\.1\.")
    {
      fix_ver = '13.1.0.1.429';
      fix = '29907188';
    }
    else
      # flag all 12.5.0.3.x 
      fix_ver = '12.5.0.3.999999';
    
    # Vulnerable versions that need to be patched
    if (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)
    {
      report =
        '\n  Oracle home    : ' + ohome +
        '\n  Install path   : ' + subdir +
        '\n  Version        : ' + version;
      if (!isnull(fix))
        report += '\n  Required patch : ' + fix + '\n';
      else
        report +=
          '\n  Upgrade to 13.1.0.1 / 13.2.0.1 / 13.3.0.1 and apply the ' +
          'appropriate patch according to the July 2019 Oracle ' +
          'Critical Patch Update advisory.' +
          '\n';
    
      security_report_v4(extra:report, port:0, severity:SECURITY_HOLE);
    }
    else
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
    
  • NASL family: Misc.
    NASL id: STRUTS_2_5_12.NASL
    description: The version of Apache Struts running on the remote host is 2.5.x prior to 2.5.12. It is, therefore, affected by multiple vulnerabilities:
      - A denial of service vulnerability exists when handling a specially crafted URL in a form field when the built-in URL validator is used. An unauthenticated, remote attacker can exploit this to cause the server process to overload. Note that this issue only affects version 2.5.x. (CVE-2017-7672)
      - A flaw exists in unspecified Spring AOP functionality that is used to secure Struts actions. An authenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-9787)
      - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. (CVE-2016-1000031)
    Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101548
    published: 2017-07-14
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101548
    title: Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101548);
      script_version("1.13");
      script_cvs_date("Date: 2019/02/15 10:32:14");
    
      script_cve_id(
        "CVE-2016-1000031",
        "CVE-2017-7672",
        "CVE-2017-9787"
      );
      script_bugtraq_id(
        93604,
        99562,
        99563
      );
      script_xref(name:"TRA", value:"TRA-2016-12");
      script_xref(name:"IAVA", value:"2018-A-0355");
    
      script_name(english:"Apache Struts 2.5.x < 2.5.12 Multiple DoS (S2-047) (S2-049)");
      script_summary(english:"Checks the Struts 2 version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A web application running on the remote host uses a Java framework
    that is affected by multiple denial of service vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apache Struts running on the remote host is 2.5.x 
    prior to 2.5.12. It is, therefore, affected by multiple 
    vulnerabilities :
    
      - A denial of service vulnerability exists when handling
        a specially crafted URL in a form field when the
        built-in URL validator is used. An unauthenticated,
        remote attacker can exploit this to cause the server
        process to overload. Note that this issue only affects
        version 2.5.x. (CVE-2017-7672)
    
      - A flaw exists in unspecified Spring AOP functionality
        that is used to secure Struts actions. An authenticated,
        remote attacker can exploit this to cause a denial of
        service condition. (CVE-2017-9787)
    
      - A deserialization vulnerability in Apache Commons 
        FileUpload which could be leveraged for remote
        code execution. (CVE-2016-1000031)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.12");
      script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/S2-047");
      script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/S2-049");
      script_set_attribute(attribute:"see_also", value:"https://issues.apache.org/jira/browse/WW-4812");
      script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2016-12");  
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache Struts version 2.5.12 or later.
    Alternatively, apply the workaround referenced in the vendor advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/14");
    
      script_set_attribute(attribute:"agent", value:"all");
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:struts");
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("os_fingerprint.nasl", "struts_detect_win.nbin", "struts_detect_nix.nbin", "struts_config_browser_detect.nbin");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("installed_sw/Apache Struts","installed_sw/Struts");
    
      exit(0);
    }
    
    include("vcf.inc");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    
    app_info = vcf::combined_get_app_info(app:"Apache Struts");
    
    vcf::check_granularity(app_info:app_info, sig_segments:3);
    
    constraints = [
      { "min_version" : "2.5.0", "fixed_version" : "2.5.12" }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL
    description: Apache Axis2 reports: The commons-fileupload dependency has been updated to a version that fixes CVE-2016-1000031 (AXIS2-5853).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102280
    published: 2017-08-09
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102280
    title: FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102280);
      script_version("3.5");
      script_cvs_date("Date: 2018/11/10 11:49:46");
    
      script_cve_id("CVE-2016-1000031");
      script_xref(name:"TRA", value:"TRA-2016-12");
    
      script_name(english:"FreeBSD : Axis2 -- Security vulnerability on dependency Apache Commons FileUpload (c1265e85-7c95-11e7-93af-005056925db4)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Apache Axis2 reports :
    
    The commons-fileupload dependency has been updated to a version that
    fixes CVE-2016-1000031 (AXIS2-5853)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://issues.apache.org/jira/browse/AXIS2-5853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://issues.apache.org/jira/browse/FILEUPLOAD-279"
      );
      # https://vuxml.freebsd.org/freebsd/c1265e85-7c95-11e7-93af-005056925db4.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d63db941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.tenable.com/security/research/tra-2016-12"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:axis2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"axis2<1.7.6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Misc.
    NASL id: STRUTS_2_3_36_FILEUPLOAD.NASL
    description: The version of Apache Struts running on the remote host is 2.3.36 or prior. It is, therefore, affected by the following vulnerability:
      - A deserialization vulnerability in Apache Commons FileUpload which could be leveraged for remote code execution. (CVE-2016-1000031)
    Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118732
    published: 2018-11-05
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118732
    title: Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability
  • NASL family: Misc.
    NASL id: ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL
    description: The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.200414 or 12.2.1.3.x prior to 12.2.1.3.200414 or 12.2.1.4.x prior to 12.2.1.4.200414. It is, therefore, affected by multiple vulnerabilities as noted in the April 2020 Critical Patch Update advisory:
      - An unspecified vulnerability in the Analytics Web General component of Oracle BI Publisher. An easily exploitable vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2020-2950)
      - The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an invalid curve attack. (CVE-2015-7940)
      - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution (CVE-2016-1000031)
    Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-05-23
    modified: 2020-04-16
    plugin id: 135678
    published: 2020-04-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135678
    title: Oracle Business Intelligence Publisher Multiple Vulnerabilities (Apr 2020 CPU)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_D70C9E18F34011E8BE460019DBB15B3F.NASL
    description:
      - Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution.
      - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).
      - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).
      - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).
      - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).
      - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119274
    published: 2018-11-29
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119274
    title: FreeBSD : payara -- Multiple vulnerabilities (d70c9e18-f340-11e8-be46-0019dbb15b3f)
  • NASL family: CGI abuses
    NASL id: ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL
    description: According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is, therefore, affected by multiple vulnerabilities:
      - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031)
      - A denial of service vulnerability in the bundled third-party component OpenSSL library
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124169
    published: 2019-04-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124169
    title: Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)

References