Vulnerabilities > CVE-2017-3295 - Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
oracle
nessus

Summary

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts).

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Nessus

NASL familyWindows
NASL idWEBSPHERE_PORTAL_CVE-2017-1120.NASL
descriptionThe version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0 prior to 8.5.0.0 CF14 or 9.0.0 prior to CF14. It is, therefore, affected by multiple vulnerabilities : - Multiple cross-site scripting (XSS) vulnerabilities exist in the web UI due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user
last seen2020-06-01
modified2020-06-02
plugin id99236
published2017-07-03
reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/99236
titleIBM WebSphere Portal 8.5.0 < 8.5.0 CF14 / 9.0.0 < 9.0.0 CF14 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99236);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id(
    "CVE-2017-1120",
    "CVE-2017-1156",
    "CVE-2017-1217",
    "CVE-2017-3266",
    "CVE-2017-3267",
    "CVE-2017-3268",
    "CVE-2017-3269",
    "CVE-2017-3270",
    "CVE-2017-3271",
    "CVE-2017-3293",
    "CVE-2017-3294",
    "CVE-2017-3295"
  );
  script_bugtraq_id(
    95507,
    95513,
    95522,
    95524,
    95529,
    95532,
    95534,
    95536,
    95539,
    97075,
    98340,
    99350
  );

  script_name(english:"IBM WebSphere Portal 8.5.0 < 8.5.0 CF14 / 9.0.0 < 9.0.0 CF14 Multiple Vulnerabilities");
  script_summary(english:"Checks for the installed patch.");

  script_set_attribute(attribute:"synopsis", value:
"The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote Windows
host is 8.5.0 prior to 8.5.0.0 CF14 or 9.0.0 prior to CF14. It is,
therefore, affected by multiple vulnerabilities :

  - Multiple cross-site scripting (XSS) vulnerabilities
    exist in the web UI due to improper validation of
    user-supplied input before returning it to users. An
    unauthenticated, remote attacker can exploit these, via
    a specially crafted request, to execute arbitrary script
    code in a user's browser session. (CVE-2017-1120,
    CVE-2017-1217)

  - A cross-site redirection vulnerability exists due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to follow a specially crafted link,
    to redirect the unsuspecting user from an intended
    trusted website to an arbitrary website of the
    attacker's choosing, which then can be used to conduct
    further attacks. (CVE-2017-1156)

  - A use-after-free error exists in the Outside In Filters
    subcomponent when handling PageHeight and PageWidth
    values in VSDX files. An unauthenticated, remote
    attacker can exploit this to deference already freed
    memory, resulting in the execution of arbitrary code.
    (CVE-2017-3266)

  - Multiple unspecified flaws exist in the Outside In
    Filters subcomponent that allow an unauthenticated,
    remote attacker to cause a denial of service condition.
    (CVE-2017-3267, CVE-2017-3268, CVE-2017-3270)

  - Multiple unspecified flaws exist in the Outside In
    Filters subcomponent that allow an unauthenticated,
    remote attacker to impact confidentiality, integrity,
    and availability. (CVE-2017-3269, CVE-2017-3271,
    CVE-2017-3293)

  - A denial of service vulnerability exists in the Outside
    In Filters subcomponent, specifically in the Content
    Access functionality within the vspdf.dll library, when
    parsing the /Pages key in a Catalog Dictionary. An
    unauthenticated, remote attacker can exploit this, via a
    specially crafted PDF file, to crash an application
    linked to the library. (CVE-2017-3294)

  - A denial of service vulnerability exists in the Outside
    In Filters subcomponent, specifically in the Content
    Access functionality within the vspdf.dll library, when
    parsing the /Matrix entry in a /CalRGB element within a
    PDF file. An unauthenticated, remote attacker can
    exploit this, via a specially crafted PDF file that
    triggers an invalid read, to crash an application linked
    to the library. (CVE-2017-3295)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037786#CF14");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22000152");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22000153");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22001394");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22004348");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Portal version 8.5.0 CF14 / 9.0.0 CF14 or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3293");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list(
    "9.0.0.0, 9.0.0.0, CF14",
    "8.5.0.0, 8.5.0.0, CF14"
    ),
  fix:"PI73835",
  severity:SECURITY_HOLE,
  xss:TRUE
);