Vulnerabilities > CVE-2018-1258 - Incorrect Authorization vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756) - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407) last seen 2020-06-01 modified 2020-06-02 plugin id 124157 published 2019-04-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124157 title Oracle Enterprise Manager Cloud Control (Apr 2019 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124157); script_version("1.3"); script_cvs_date("Date: 2019/04/30 14:30:16"); script_cve_id( "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-12539", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-15756", "CVE-2018-1656", "CVE-2018-5407" ); script_bugtraq_id( 104222, 104260, 105118, 105126, 105703, 105750, 105758, 105897 ); script_xref(name:"IAVA", value:"2019-A-0130"); script_name(english:"Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)"); script_summary(english:"Checks for the patch ID."); script_set_attribute(attribute:"synopsis", value: "An enterprise management application installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756) - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407) "); # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d"); # https://support.oracle.com/rs?type=doc&id=2498664.1 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ba7181fa"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the April 2019 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1258"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_enterprise_manager_installed.nbin"); script_require_keys("installed_sw/Oracle Enterprise Manager Cloud Control"); exit(0); } include('global_settings.inc'); include('misc_func.inc'); include('oracle_rdbms_cpu_func.inc'); include('install_func.inc'); product = 'Oracle Enterprise Manager Cloud Control'; install = get_single_install(app_name:product, exit_if_unknown_ver:TRUE); version = install['version']; emchome = install['path']; patchid = NULL; missing = NULL; patched = FALSE; fix = NULL; if (version =~ '^13\\.3\\.0\\.0(\\.[0-9]+)?$') { patchid = '29433931'; fix = '13.3.0.0.190416'; } else if (version =~ '^13\\.2\\.0\\.0(\\.[0-9]+)?$') { patchid = '29433916'; fix = '13.2.0.0.190416'; } else if (version =~ '^12\\.1\\.0\\.5(\\.[0-9]+)?$') { patchid = '29433895'; fix = '12.1.0.5.190416'; } if (isnull(patchid)) audit(AUDIT_HOST_NOT, 'affected'); # compare version to check if we've already adjusted for patch level during detection if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0) audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome); # Now look for the affected components patchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome)); if (isnull(patchesinstalled)) missing = patchid; else { foreach applied (keys(patchesinstalled[emchome])) { if (applied == patchid) { patched = TRUE; break; } else { foreach bugid (patchesinstalled[emchome][applied]['bugs']) { if (bugid == patchid) { patched = TRUE; break; } } if (patched) break; } } if (!patched) missing = patchid; } if (empty_or_null(missing)) audit(AUDIT_HOST_NOT, 'affected'); order = make_list('Product', 'Version', 'Missing patch'); report = make_array( order[0], product, order[1], version, order[2], patchid ); report = report_items_str(report_items:report, ordered_fields:order); security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_JUL_2019_CPU.NASL description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Connector Framework (Apache CXF)), which could allow an unauthenticated, remote attacker to compromise Enterprise Manager Base Platform. (CVE-2018-8039) - An unspecified vulnerability in the Oracle Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Valid Session (Apache ActiveMQ)), which could allow an unauthenticated, remote attacker to compromise Oracle Enterprise Manager Base Platform. (CVE-2019-0222) - An unspecified vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Discovery Framework (OpenSSL)), which could allow and unauthenticated, remote attacker to compromise Enterprise Manager Base Platform. (CVE-2019-1559) last seen 2020-06-01 modified 2020-06-02 plugin id 126775 published 2019-07-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126775 title Oracle Enterprise Manager Cloud Control (Jul 2019 CPU) NASL family Misc. NASL id ORACLE_WEBLOGIC_SERVER_CPU_APR_2019.NASL description The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Spring Framework allows a low privileged, remote attacker with network access via HTTP to compromise and takeover the Oracle Communications Unified Inventory Management. (CVE-2018-1258) - An unspecified vulnerability in the WLS Core Component allows an authenticated low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized update, insert or delete access to Oracle WebLogic Server accessible data. (CVE-2019-2568) - An unspecified vulnerability in the WLS Core Component which allows an authenticated, high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. (CVE-2019-2615) - An unspecified vulnerability in the WLS Core Component which allows an authenticated, high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. (CVE-2019-2618) - An unspecified vulnerability in the WLS Core Components allows an unauthenticated, remote attacker with network access via T3 to compromise and takeover the Oracle WebLogic Server. (CVE-2019-2645) - An unspecified vulnerability in the EJB Container allows an unauthenticated, remote attacker with network access via T3 to compromise and takeover the Oracle WebLogic Server. (CVE-2019-2646) - An unspecified vulnerability in the WLS - Web Services which allows an authenticated, high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. (CVE-2019-2647) (CVE-2019-2648) (CVE-2019-2649) (CVE-2019-2650) - An unspecified vulnerability in the WLS Core Component allows an authenticated low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized update, insert or delete access to Oracle WebLogic Server accessible data. (CVE-2019-2658) last seen 2020-06-01 modified 2020-06-02 plugin id 124122 published 2019-04-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124122 title Oracle WebLogic Server Multiple Vulnerabilities (Apr 2019 CPU) NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734) - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) last seen 2020-06-01 modified 2020-06-02 plugin id 125147 published 2019-05-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125147 title Oracle Enterprise Manager Ops Center (Apr 2019 CPU) NASL family Misc. NASL id ORACLE_OATS_CPU_JAN_2019.NASL description The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000) - Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732) - Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732) - Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) - Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3305) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718) - Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300) last seen 2020-06-01 modified 2020-06-02 plugin id 121257 published 2019-01-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121257 title Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU) NASL family Misc. NASL id ORACLE_GOLDENGATE_FOR_BIG_DATA_CPU_OCT_2018.NASL description The version of Oracle GoldenGate for Big Data application located on the remote host is 12.2.0.1.x less than 12.2.0.1.10 or 12.3.1.1.x less than 12.3.1.1.6. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists in Oracle GoldenGate for Big Data. An authenticated, remote attacker can exploit this, via unknown vectors, to compromise confidentiality, integrity, and availability. (CVE-2016-0635) - An authorization bypass vulnerability exists in Spring Framework 5.0.5 when used in conjunction with Spring Security and using method security. An authenticated, remote attacker can exploit this to gain unauthorized access to methods that should be restricted. (CVE-2018-1258) - A remote code execution vulnerability exists in the Spring Framework. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2018-1275) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-03-05 plugin id 134225 published 2020-03-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134225 title Oracle GoldenGate for Big Data 12.2.0.1.x < 12.2.0.1.10 / 12.3.1.1.x < 12.3.1.1.6 Multiple Vulnerabilities (Oct 2018 CPU)
Redhat
| advisories |
|
References
- https://pivotal.io/security/cve-2018-1258
- http://www.securityfocus.com/bid/104222
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securitytracker.com/id/1041896
- http://www.securitytracker.com/id/1041888
- https://security.netapp.com/advisory/ntap-20181018-0002/
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://access.redhat.com/errata/RHSA-2019:2413
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html