Vulnerabilities > CVE-2017-10272 - Unspecified vulnerability in Oracle Tuxedo

047910
CVSS 9.9 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
LOW
network
low complexity
oracle
critical
nessus

Summary

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).

Vulnerable Configurations

Part Description Count
Application
Oracle
4

Nessus

NASL familyMisc.
NASL idORACLE_TUXEDO_CVE-2017-10269.NASL
descriptionThe version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities including unauthenticated remote code execution.
last seen2020-03-18
modified2017-11-27
plugin id104786
published2017-11-27
reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/104786
titleOracle Tuxedo Jolt Server Multiple Vulnerabilities (CVE-2017-10269)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(104786);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/19");

  script_cve_id(
    "CVE-2017-10266",
    "CVE-2017-10267",
    "CVE-2017-10269",
    "CVE-2017-10272",
    "CVE-2017-10278"
  );
  script_bugtraq_id(
    101841,
    101852,
    101870,
    101871,
    101875
  );

  script_name(english:"Oracle Tuxedo Jolt Server Multiple Vulnerabilities (CVE-2017-10269)");
  script_summary(english:"Checks for the patch.");

  script_set_attribute(attribute:"synopsis", value:
"An application server installed on the remote host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Tuxedo installed on the remote host is missing
a security patch. It is, therefore, affected by multiple
vulnerabilities including unauthenticated remote code execution.");
  # https://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?675bbafd");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate rolling patch according to Oracle Security
Alert Advisory - CVE-2017-10269.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10269");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:tuxedo");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_tuxedo_installed.nbin");
  script_require_keys("installed_sw/Oracle Tuxedo");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("oracle_rdbms_cpu_func.inc");
include("misc_func.inc");
include("install_func.inc");

app_name = "Oracle Tuxedo";
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
rp = install['RP'];
path = install['path'];

rp_fix = 0;

if (version =~ "^12\.1\.3\.0($|\.|_)")
{
  rp_fix = 100;
  patch = "26694193";
}
else if (version =~ "^12\.2\.2\.0($|\.|_)")
{
  rp_fix = 23;
  patch = "26694193";
}
else if (version =~ "^12\.1\.1\.0($|\.|_)")
{
  rp_fix = 89;
  patch = "27086843";
}
else if (version =~ "^11\.1\.1\.2($|\.|_)")
{
  rp_fix = 179;
  patch = "27105181";
}
else if (version =~ "^11\.1\.1\.3($|\.|_)")
{
  rp_fix = 36;
  patch = "27162711";
}
else
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version + " RP " + rp, path);

if (rp == UNKNOWN_VER || rp < rp_fix)
{
  items = make_array("Path", path,
                     "Version", version,
                     "RP", rp,
                     "Required RP", rp_fix,
                     "Required patch", patch
                    );
  order = make_list("Path", "Version", "RP", "Required RP", "Required patch");
  report = report_items_str(report_items:items, ordered_fields:order);

  security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
  exit(0);
}
else
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version + " RP " + rp, path);