Vulnerabilities > CVE-2018-15756

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
vmware
oracle
debian
nessus

Summary

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.

Vulnerable Configurations

Part Description Count
Application
Vmware
55
Application
Oracle
220
OS
Debian
1

Nessus

  • NASL familyMisc.
    NASL idORACLE_WEBLOGIC_SERVER_CPU_JUL_2019.NASL
    descriptionThe version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability allows a remote unauthenticated attacker with network access to compromise and takeover the StorageTek Tape Analytics SW Tool. (CVE-2019-2725) (CVE-2019-2729) - An unspecified vulnerability allows a remote unauthenticated attacker with network access to compromise and takeover the Tape Virtual Storage Manager GUI. (CVE-2019-2725) - An unspecified vulnerability in the WLS Core Component allows an authenticated low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized update, insert or delete access to Oracle WebLogic Server accessible data. (CVE-2019-2824) (CVE-2019-2827) - An unspecified vulnerability in the jQuery Component allows an authenticated low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server, resulting in unauthorized update, insert or delete access to Oracle WebLogic Server accessible data. Successful attacks require human interaction from actions from another Weblogic user. (CVE-2016-71030) - An unspecified vulnerability in the Application Container - JavaEE Component of Oracle WebLogic Server allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. A successful attack of this vulnerability could result in takeover of Oracle WebLogic Server. (CVE-2019-2856) - An unspecified vulnerability in the Sample apps (Spring Framework) Component of Oracle WebLogic Server allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2018-15756)
    last seen2020-06-01
    modified2020-06-02
    plugin id126915
    published2019-07-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126915
    titleOracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126915);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/20");
    
      script_cve_id(
        "CVE-2016-7103",
        "CVE-2018-15756",
        "CVE-2019-2725",
        "CVE-2019-2729",
        "CVE-2019-2824",
        "CVE-2019-2827",
        "CVE-2019-2856"
      );
      script_bugtraq_id(107944);
    
      script_name(english:"Oracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU)");
      script_summary(english:"Checks the version of Oracle WebLogic to ensure the July 2019 CPU is applied.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application server installed on the remote host is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle WebLogic Server installed on the remote host is
    affected by multiple vulnerabilities:
    
      - An unspecified vulnerability allows a remote unauthenticated 
        attacker with network access to compromise and takeover the 
        StorageTek Tape Analytics SW Tool. (CVE-2019-2725) (CVE-2019-2729)
    
      - An unspecified vulnerability allows a remote unauthenticated 
        attacker with network access to compromise and takeover the 
        Tape Virtual Storage Manager GUI. (CVE-2019-2725)
    
      - An unspecified vulnerability in the WLS Core Component allows an 
        authenticated low privileged attacker with network 
        access via HTTP to compromise Oracle WebLogic Server, resulting 
        in unauthorized update, insert or delete access to Oracle 
        WebLogic Server accessible data. (CVE-2019-2824) (CVE-2019-2827)
    
      - An unspecified vulnerability in the jQuery Component allows an 
        authenticated low privileged attacker with network 
        access via HTTP to compromise Oracle WebLogic Server, resulting 
        in unauthorized update, insert or delete access to Oracle 
        WebLogic Server accessible data. Successful attacks require
        human interaction from actions from another Weblogic user.
        (CVE-2016-71030)
    
      - An unspecified vulnerability in the Application Container - JavaEE
        Component of Oracle WebLogic Server allows an unauthenticated
        attacker with network access via T3 to compromise Oracle WebLogic
        Server. A successful attack of this vulnerability could result in
        takeover of Oracle WebLogic Server. (CVE-2019-2856)
        
      - An unspecified vulnerability in the Sample apps (Spring Framework)
        Component of Oracle WebLogic Server allows an unauthenticated
        attacker with network access via HTTP to compromise Oracle WebLogic
        Server. A successful attack of this vulnerability could result in
        unauthorized ability to cause a hang or frequently repeatable crash
        (complete DOS) of Oracle WebLogic Server. (CVE-2018-15756)");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9aa2b901");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#FMW
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?09b101ce");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the July 2019 Oracle
    Critical Patch Update advisory.
    
    Refer to Oracle for any additional patch instructions or
    mitigation options.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2729");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Oracle Weblogic Server Deserialization RCE - AsyncResponseService');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"agent", value:"all");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
      script_require_keys("installed_sw/Oracle WebLogic Server");
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('install_func.inc');
    include('obj.inc');
    include('spad_log_func.inc');
    
    app_name = "Oracle WebLogic Server";
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    ohome = install["Oracle Home"];
    subdir = install["path"];
    version = install["version"];
    
    fix = NULL;
    fix_ver = NULL;
    
    spad_log(message:"checking version [" + version + "]");
    # individual security patches
    if (version =~ "^12\.2\.1\.3($|[^0-9])")
    {
      fix_ver = "12.2.1.3.190522";
      fix = make_list("29814665");
    }
    else if (version =~ "^12\.1\.3\.")
    {
      fix_ver = "12.1.3.0.190716";
      fix = make_list("29633448");
    }
    else if (version =~ "^10\.3\.6\.")
    {
      fix_ver = "10.3.6.0.190716";
      fix = make_list("MXLE"); # patchid is obtained from the readme and 10.3.6.x assets are different
    }
    else
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
    
    spad_log(message:"checking fix [" + obj_rep(fix) + "]");
    PATCHED=FALSE;
    
    # Iterate over the list of patches and check the install for the patchID
    foreach id (fix)
    {
     spad_log(message:"Checking fix id: [" + id +"]");
     if (install[id])
     {
       PATCHED=TRUE;
       break;
     }
    }
    
    VULN=FALSE;
    if (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)
      VULN=TRUE;
    
    if (PATCHED || !VULN)
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
    
    os = get_kb_item_or_exit("Host/OS");
    if ('windows' >< tolower(os))
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    }
    else port = 0;
    
    report =
      '\n  Oracle Home    : ' + ohome +
      '\n  Install path   : ' + subdir +
      '\n  Version        : ' + version +
      '\n  Fixes          : ' + join(sep:", ", fix);
    
    security_report_v4(extra:report, severity:SECURITY_HOLE, port:port);
    
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756) - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
    last seen2020-06-01
    modified2020-06-02
    plugin id124157
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124157
    titleOracle Enterprise Manager Cloud Control (Apr 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124157);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/30 14:30:16");
    
      script_cve_id(
        "CVE-2018-0734",
        "CVE-2018-0735",
        "CVE-2018-11039",
        "CVE-2018-11040",
        "CVE-2018-12539",
        "CVE-2018-1257",
        "CVE-2018-1258",
        "CVE-2018-15756",
        "CVE-2018-1656",
        "CVE-2018-5407"
      );
      script_bugtraq_id(
        104222,
        104260,
        105118,
        105126,
        105703,
        105750,
        105758,
        105897
      );
      script_xref(name:"IAVA", value:"2019-A-0130");
    
      script_name(english:"Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)");
      script_summary(english:"Checks for the patch ID.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An enterprise management application installed on the remote host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Enterprise Manager Cloud Control installed on
    the remote host is affected by multiple vulnerabilities in
    Enterprise Manager Base Platform component:
    
      - Networking component of Enterprise Manager Base Platform (Spring Framework)
      is easily exploited and may allow an unauthenticated, remote attacker to takeover
      the Enterprise Manager Base Platform.
      (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756)
    
      - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker
      unauthorized access to critical data or complete access to all Enterprise Manager
      Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539)
    
      - An information disclosure vulnerability exists in OpenSSL due to the potential
      for a side-channel timing attack. An unauthenticated attacker can exploit
      this to disclose potentially sensitive information. 
      (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
    ");
      # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
      # https://support.oracle.com/rs?type=doc&id=2498664.1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ba7181fa");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the April 2019
    Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1258");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_enterprise_manager_installed.nbin");
      script_require_keys("installed_sw/Oracle Enterprise Manager Cloud Control");
    
      exit(0);
    }
    
    include('global_settings.inc');
    include('misc_func.inc');
    include('oracle_rdbms_cpu_func.inc');
    include('install_func.inc');
    
    product = 'Oracle Enterprise Manager Cloud Control';
    install = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);
    version = install['version'];
    emchome = install['path'];
    
    patchid = NULL;
    missing = NULL;
    patched = FALSE;
    fix = NULL;
    
    if (version =~ '^13\\.3\\.0\\.0(\\.[0-9]+)?$')
    {
      patchid = '29433931';
      fix = '13.3.0.0.190416';
    }
    else if (version =~ '^13\\.2\\.0\\.0(\\.[0-9]+)?$')
    {
      patchid = '29433916';
      fix = '13.2.0.0.190416';
    }
    else if (version =~ '^12\\.1\\.0\\.5(\\.[0-9]+)?$')
    {
      patchid = '29433895';
      fix = '12.1.0.5.190416';
    }
    
    if (isnull(patchid))
      audit(AUDIT_HOST_NOT, 'affected');
    
    # compare version to check if we've already adjusted for patch level during detection
    if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)
      audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);
    
    # Now look for the affected components
    patchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));
    if (isnull(patchesinstalled))
      missing = patchid;
    else
    {
      foreach applied (keys(patchesinstalled[emchome]))
      {
        if (applied == patchid)
        {
          patched = TRUE;
          break;
        }
        else
        {
          foreach bugid (patchesinstalled[emchome][applied]['bugs'])
          {
            if (bugid == patchid)
            {
              patched = TRUE;
              break;
            }
          }
          if (patched) break;
        }
      }
      if (!patched)
        missing = patchid;
    }
    
    if (empty_or_null(missing))
      audit(AUDIT_HOST_NOT, 'affected');
    
    order = make_list('Product', 'Version', 'Missing patch');
    report = make_array(
      order[0], product,
      order[1], version,
      order[2], patchid
    );
    report = report_items_str(report_items:report, ordered_fields:order);
    
    security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
    
  • NASL familyMisc.
    NASL idORACLE_GOLDENGATE_FOR_BIG_DATA_CPU_OCT_2019.NASL
    descriptionAccording to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is 12.3.1.1.x less than 12.3.1.1.6 or 12.3.2.1.x less than 12.3.2.1.5. It is, therefore, affected by a denial of service (DoS) vulnerability. This vulnerability is due to its use of Spring Framework, which provides support for range requests when serving static resources through the ResourceHttpRequestHandler or when an annotated controller returns an org.springframework.core.io.Resource. An unauthenticated, remote attacker can exploit this issue by adding a range header with a high number of ranges, or with wide ranges that overlap, or both to cause the application to stop responding. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129973
    published2019-10-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129973
    titleOracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(129973);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/17 14:31:04");
    
      script_cve_id("CVE-2018-15756");
      script_bugtraq_id(105703);
    
      script_name(english:"Oracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The Oracle GoldenGate for Big Data application on the remote host is affected by a denial of service vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote
    host is 12.3.1.1.x less than 12.3.1.1.6 or 12.3.2.1.x less than 12.3.2.1.5. It is, therefore, affected by a denial of
    service (DoS) vulnerability. This vulnerability is due to its use of Spring Framework, which provides support for range
    requests when serving static resources through the ResourceHttpRequestHandler or when an annotated controller returns
    an org.springframework.core.io.Resource. An unauthenticated, remote attacker can exploit this issue by adding a range
    header with a high number of ranges, or with wide ranges that overlap, or both to cause the application to stop
    responding.
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b370bc74");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patches according to the October 2019 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15756");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/16");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:goldengate_application_adapters:");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_goldengate_for_big_data_installed.nbin");
      script_require_keys("Settings/ParanoidReport", "installed_sw/Oracle GoldenGate for Big Data");
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('vcf.inc');
    
    // Paranoid because the detection is looking for the presence of JAR files. It's possible that the customer has JAR
    // files from outdated versions on their system, but is not currently using them.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    app_name = 'Oracle GoldenGate for Big Data';
    app_info = vcf::get_app_info(app:app_name);
    
    constraints = [
      { 'min_version':'12.3.1.1', 'fixed_version':'12.3.1.1.6' },
      { 'min_version':'12.3.2.1', 'fixed_version':'12.3.2.1.5' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
    
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734) - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258)
    last seen2020-06-01
    modified2020-06-02
    plugin id125147
    published2019-05-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125147
    titleOracle Enterprise Manager Ops Center (Apr 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125147);
      script_version("1.2");
      script_cvs_date("Date: 2019/05/17  9:44:17");
    
      script_cve_id(
        "CVE-2016-1000031",
        "CVE-2018-0161",
        "CVE-2018-0734",
        "CVE-2018-0735",
        "CVE-2018-5407",
        "CVE-2018-11763",
        "CVE-2017-9798",
        "CVE-2018-1258",
        "CVE-2018-11039",
        "CVE-2018-11040",
        "CVE-2018-1257",
        "CVE-2018-15756"
      );
    
      script_bugtraq_id(
        93604,
        100872,
        103573,
        104222,
        104260,
        105414,
        105703,
        105750,
        105758,
        105897,
        107984,
        107986
      );
      script_xref(name:"IAVA", value:"2019-A-0130");
    
      script_name(english:"Oracle Enterprise Manager Ops Center (Apr 2019 CPU)");
      script_summary(english:"Checks for the patch ID.");
      script_set_attribute(attribute:"synopsis", value:
    "An enterprise management application installed on the remote host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Enterprise Manager Cloud Control installed on
    the remote host is affected by multiple vulnerabilities in
    Enterprise Manager Base Platform component:
    
      - A deserialization vulnerability in Apache Commons
        FileUpload allows for remote code execution.
        (CVE-2016-1000031)
    
      - An information disclosure vulnerability exists in OpenSSL
        due to the potential for a side-channel timing attack.
        An unauthenticated attacker can exploit this to disclose
        potentially sensitive information. (CVE-2018-0734)
    
      - A denial of service (DoS) vulnerability exists in Apache
        HTTP Server 2.4.17 to 2.4.34, due to a design error. An
        unauthenticated, remote attacker can exploit this issue
        by sending continuous, large SETTINGS frames to cause a
        client to occupy a connection, server thread and CPU
        time without any connection timeout coming to effect.
        This affects only HTTP/2 connections. A possible
        mitigation is to not enable the h2 protocol.
        (CVE-2018-11763).
    
      - Networking component of Enterprise Manager Base Platform
        (Spring Framework) is easily exploited and may allow an
        unauthenticated, remote attacker to takeover the
        Enterprise Manager Base Platform. (CVE-2018-1258)
    
    ");
      # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the April 2019
    Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"agent", value:"unix");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
      script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");
    
      exit(0);
    }
    
    include('global_settings.inc');
    include('misc_func.inc');
    include('install_func.inc');
    
    get_kb_item_or_exit('Host/local_checks_enabled');
    app_name = 'Oracle Enterprise Manager Ops Center';
    
    install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
    version = install['version'];
    version_full = install['Full Patch Version'];
    path = install['path'];
    patch_version = install['Patch Version'];
    
    
    patchid = NULL;
    fix = NULL;
    
    if (version_full =~ "^12\.3\.3\.")
    {
      patchid = '29623885';
      fix = '1819';
    } 
    
    if (isnull(patchid))
      audit(AUDIT_HOST_NOT, 'affected');
    
    if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)
      audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);
    
    report = 
      '\n Path                : ' + path + 
      '\n Version             : ' + version + 
      '\n Ops Agent Version   : ' + version_full + 
      '\n Current Patch       : ' + patch_version + 
      '\n Fixed Patch Version : ' + fix +
      '\n Fix                 : ' + patchid;
    
    security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);
  • NASL familyWindows
    NASL idORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL
    descriptionOracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities : - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host. (CVE-2016-6814) - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (CVE-2016-1000031) - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop functioning properly. (CVE-2018-8013) - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with a high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
    last seen2020-05-03
    modified2020-04-29
    plugin id136091
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136091
    titleOracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136091);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/27");
    
      script_cve_id(
        "CVE-2016-6814",
        "CVE-2016-1000031",
        "CVE-2018-8013",
        "CVE-2018-15756"
      );
      script_xref(name:"IAVA", value:"2019-A-0256");
    
      script_name(english:"Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application running on the remote host is affected by multiple security vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities :
    
      - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware
        (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An
        unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host.
        (CVE-2016-6814)
    
      - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
        Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An
        unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.
        (CVE-2016-1000031)
    
      - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
        Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An
        unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop
        functioning properly. (CVE-2018-8013)
    
      - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
        Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with
        a high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can
        exploit this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765)
    
    Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
    self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2019.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_webcenter_sites_installed.nbin");
      script_require_keys("SMB/WebCenter_Sites/Installed");
    
      exit(0);
    }
    
    get_kb_item_or_exit('SMB/WebCenter_Sites/Installed');
    
    port = get_kb_item('SMB/transport');
    if (isnull(port))
      port = 445;
    
    versions = get_kb_list('SMB/WebCenter_Sites/*/Version');
    if (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');
    
    report = '';
    
    # vulnerable versions: 
    # - 12.2.1.3.0 - Revision 185862, Patch 29957990
    #     Note that the revision does not match up with the version suffix shown in the readme
    
    foreach key (keys(versions))
    {
      fix = '';
    
      version = versions[key];
      revision = get_kb_item(key - '/Version' + '/Revision');
      path = get_kb_item(key - '/Version' + '/Path');
    
      if (isnull(version) || isnull(revision)) continue;
    
      # Patch 29957990 - 12.2.1.3.0 < Revision 185862
      if (version =~ "^12\.2\.1\.3\.0$" && revision < 185862)
      {
        fix = '\n  Fixed revision : 185862' +
              '\n  Required patch : 29957990';
      }
    
      if (fix != '')
      {
        if (!isnull(path)) report += '\n  Path           : ' + path;
        report += '\n  Version        : ' + version +
                  '\n  Revision       : ' + revision +
                  fix + '\n';
      }
    }
    
    if (report != '') security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
    else audit(AUDIT_INST_VER_NOT_VULN, "Oracle WebCenter Sites");
    
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2019.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - An unspecified vulnerability in the Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch allows an a malicious user to add a range header with a high number of ranges, or with wide ranges that overlap, or both, to cause a denial of service. (CVE-2018-15756) - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. (CVE-2018-19360) - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. (CVE-2018-19361) - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. (CVE-2018-19362) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126828
    published2019-07-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126828
    titleOracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126828);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/18 23:14:14");
    
      script_cve_id(
        "CVE-2018-15756",
        "CVE-2018-19360",
        "CVE-2018-19361",
        "CVE-2018-19362"
      );
      script_bugtraq_id(105703, 107985);
    
      script_name(english:"Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)");
      script_summary(english:"Checks the version of Oracle Primavera Gateway.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application running on the remote web server is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the Oracle Primavera
    Gateway installation running on the remote web server is 15.x prior to 
    15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to
    18.8.6. It is, therefore, affected by multiple vulnerabilities:
    
      - An unspecified vulnerability in the Spring Framework,
        version 5.1, versions 5.0.x prior to 5.0.10, versions
        4.3.x prior to 4.3.20, and older unsupported versions
        on the 4.2.x branch allows an a malicious user to add
        a range header with a high number of ranges, or with
        wide ranges that overlap, or both, to cause a denial
        of service. (CVE-2018-15756)
    
      - FasterXML jackson-databind 2.x before 2.9.8 might allow
        attackers to have unspecified impact by leveraging
        failure to block the axis2-transport-jms class from
        polymorphic deserialization. (CVE-2018-19360)
    
      - FasterXML jackson-databind 2.x before 2.9.8 might allow
        attackers to have unspecified impact by leveraging
        failure to block the openjpa class from polymorphic
        deserialization. (CVE-2018-19361)
    
      - FasterXML jackson-databind 2.x before 2.9.8 might allow
        attackers to have unspecified impact by leveraging
        failure to block the jboss-common-core class from
        polymorphic deserialization. (CVE-2018-19362)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixPVA
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?25a1b782");
      # https://support.oracle.com/rs?type=doc&id=2555549.1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b5f18b61");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle Primavera Gateway version 15.2.16 / 16.2.9 / 17.12.4
    / 18.8.6 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19362");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:primavera_gateway");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_primavera_gateway.nbin");
      script_require_keys("installed_sw/Oracle Primavera Gateway");
      script_require_ports("Services/www", 8006);
    
      exit(0);
    }
    
    include('http.inc');
    include('vcf.inc');
    
    get_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);
    
    port = get_http_port(default:8006);
    
    app_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);
    
    vcf::check_granularity(app_info:app_info, sig_segments:2);
    
    constraints = [
      { 'min_version' : '15.0.0', 'fixed_version' : '15.2.16' },
      { 'min_version' : '16.0.0', 'fixed_version' : '16.2.9' },
      { 'min_version' : '17.0.0', 'fixed_version' : '17.12.4' },
      { 'min_version' : '18.0.0', 'fixed_version' : '18.8.6' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE); 
    
  • NASL familyMisc.
    NASL idORACLE_IDENTITY_MANAGEMENT_CPU_APR_2020.NASL
    descriptionThe remote host is missing the April 2020 Critical Patch Update for Oracle Identity Manager Connector. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: General (Apache ActiveMQ)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Identity Manager Connector. (CVE-2019-0222) - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: LDAP Gateway (Spring Framework)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Identity Manager Connector. (CVE-2018-15756) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-05-06
    modified2020-05-01
    plugin id136284
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136284
    titleOracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136284);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id("CVE-2018-15756", "CVE-2019-0222");
    
      script_name(english:"Oracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by a remote
    security vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote host is missing the April 2020 Critical Patch Update for
    Oracle Identity Manager Connector. It is, therefore, affected by multiple vulnerabilities:
    
     - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware 
     (component: General (Apache ActiveMQ)). The supported version that is affected is 9.0. Easily exploitable 
     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. 
     Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable 
     crash (complete DOS) of Identity Manager Connector. (CVE-2019-0222)
    
     - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: LDAP Gateway 
     (Spring Framework)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows 
     unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. Successful attacks of 
     this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of
     Identity Manager Connector. (CVE-2018-15756)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the April 2020 Oracle
    Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0222");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(94);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:identity_manager");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_identity_management_installed.nbin");
      script_require_keys("installed_sw/Oracle Identity Manager");
    
      exit(0);
    }
    include('vcf.inc');
    
    appname = 'Oracle Identity Manager';
    
    app_info = vcf::get_app_info(app:appname);
     
    constraints = [
      {'min_version': '9.0', 'fixed_version': '9.1'}
    ];
    vcf::check_version_and_report(app_info: app_info, constraints: constraints, severity: SECURITY_WARNING);

References