Vulnerabilities > CVE-2016-4000 - Deserialization of Untrusted Data vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
jython-project
debian
CWE-502
critical
nessus

Summary

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.

Vulnerable Configurations

Part Description Count
Application
Jython_Project
1
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OCT_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A remote security vulnerability exists in the Enterprise Manager Base Platform product of Oracle Enterprise Manager. An unauthenticated attacker with network access can exploit this vulnerability via HTTP by sending Jython command to execute arbitrary code via a crafted serialized PyFunction object, can result in takeover Enterprise Manager Base Platform. (CVE-2016-4000)
    last seen2020-06-01
    modified2020-06-02
    plugin id130054
    published2019-10-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130054
    titleOracle Enterprise Manager Cloud Control (Oct 2019 CPU)
  • NASL familyMisc.
    NASL idORACLE_OATS_CPU_JAN_2019.NASL
    descriptionThe version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000) - Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732) - Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732) - Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) - Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3305) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718) - Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id121257
    published2019-01-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121257
    titleOracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familyMisc.
    NASL idORACLE_OATS_CPU_JAN_2020.NASL
    descriptionThe version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder (Jython)). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. (CVE-2016-4000) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Jython). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite. (CVE-2016-4000) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Apache POI). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite and cause the process to hang or frequently repeatable crash (complete DOS). (CVE-2017-12626) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Apache POI). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite and cause the process to hang or frequently repeatable crash (complete DOS). (CVE-2017-12626) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (AntiSamy). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2017-14735) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Antisamy). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2017-14735) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Application Development Framework). An unauthenticated, remote attacker with network access via HTTP can result in takeover of Oracle Application Testing Suite. (CVE-2019-2904) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (jQuery). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2019-11358) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Apache POI). An authenticated, low priviledged remote attacker with network access to the infrastructure can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. (CVE-2019-12415) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder. An unauthenticated remote attacker with network access via HTTP can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. (CVE-2020-2673)
    last seen2020-05-08
    modified2020-01-27
    plugin id133260
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133260
    titleOracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-989.NASL
    descriptionAlvaro Munoz and Christian Schneider discovered that Jython, an implementation of the Python language seamlessly integrated with Java, would execute arbitrary code when deserializing objects. For Debian 7
    last seen2020-03-17
    modified2017-06-19
    plugin id100849
    published2017-06-19
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/100849
    titleDebian DLA-989-1 : jython security update
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201710-28.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201710-28 (Jython: Arbitrary code execution) It was found that Jython is vulnerable to arbitrary code execution by sending a serialized function to the deserializer. Impact : Remote execution of arbitrary code by enticing a user to execute malicious code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id104229
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104229
    titleGLSA-201710-28 : Jython: Arbitrary code execution
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_JAN_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A remote code execution vulnerability exists in Jython before 2.7.1rc1. An unauthenticated, remote attacker can exploit this by sending a serialized function to the deserializer. (CVE-2016-4000) - A denial of service (DoS) vulnerability exists in OpenSSL due to the client spending long periods of time generating a key from large prime values. A malicious remote server can exploit this issue via sending a very large prime value to the clients, resulting in a hang until the client has finished generating the key. (CVE-2018-0732)
    last seen2020-06-01
    modified2020-06-02
    plugin id121225
    published2019-01-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121225
    titleOracle Enterprise Manager Cloud Control (January 2019 CPU)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3893.NASL
    descriptionAlvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.
    last seen2020-06-01
    modified2020-06-02
    plugin id101010
    published2017-06-23
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101010
    titleDebian DSA-3893-1 : jython - security update

References