Vulnerabilities > CVE-2018-15756

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(126915);
  script_version("1.10");
  script_cvs_date("Date: 2019/11/20");

  script_cve_id(
    "CVE-2016-7103",
    "CVE-2018-15756",
    "CVE-2019-2725",
    "CVE-2019-2729",
    "CVE-2019-2824",
    "CVE-2019-2827",
    "CVE-2019-2856"
  );
  script_bugtraq_id(107944);

  script_name(english:"Oracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU)");
  script_summary(english:"Checks the version of Oracle WebLogic to ensure the July 2019 CPU is applied.");

  script_set_attribute(attribute:"synopsis", value:
"An application server installed on the remote host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle WebLogic Server installed on the remote host is
affected by multiple vulnerabilities:

  - An unspecified vulnerability allows a remote unauthenticated 
    attacker with network access to compromise and takeover the 
    StorageTek Tape Analytics SW Tool. (CVE-2019-2725) (CVE-2019-2729)

  - An unspecified vulnerability allows a remote unauthenticated 
    attacker with network access to compromise and takeover the 
    Tape Virtual Storage Manager GUI. (CVE-2019-2725)

  - An unspecified vulnerability in the WLS Core Component allows an 
    authenticated low privileged attacker with network 
    access via HTTP to compromise Oracle WebLogic Server, resulting 
    in unauthorized update, insert or delete access to Oracle 
    WebLogic Server accessible data. (CVE-2019-2824) (CVE-2019-2827)

  - An unspecified vulnerability in the jQuery Component allows an 
    authenticated low privileged attacker with network 
    access via HTTP to compromise Oracle WebLogic Server, resulting 
    in unauthorized update, insert or delete access to Oracle 
    WebLogic Server accessible data. Successful attacks require
    human interaction from actions from another Weblogic user.
    (CVE-2016-71030)

  - An unspecified vulnerability in the Application Container - JavaEE
    Component of Oracle WebLogic Server allows an unauthenticated
    attacker with network access via T3 to compromise Oracle WebLogic
    Server. A successful attack of this vulnerability could result in
    takeover of Oracle WebLogic Server. (CVE-2019-2856)
    
  - An unspecified vulnerability in the Sample apps (Spring Framework)
    Component of Oracle WebLogic Server allows an unauthenticated
    attacker with network access via HTTP to compromise Oracle WebLogic
    Server. A successful attack of this vulnerability could result in
    unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of Oracle WebLogic Server. (CVE-2018-15756)");
  # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9aa2b901");
  # https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#FMW
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?09b101ce");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2019 Oracle
Critical Patch Update advisory.

Refer to Oracle for any additional patch instructions or
mitigation options.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2729");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Oracle Weblogic Server Deserialization RCE - AsyncResponseService');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"agent", value:"all");


  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
  script_require_keys("installed_sw/Oracle WebLogic Server");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('install_func.inc');
include('obj.inc');
include('spad_log_func.inc');

app_name = "Oracle WebLogic Server";

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
ohome = install["Oracle Home"];
subdir = install["path"];
version = install["version"];

fix = NULL;
fix_ver = NULL;

spad_log(message:"checking version [" + version + "]");
# individual security patches
if (version =~ "^12\.2\.1\.3($|[^0-9])")
{
  fix_ver = "12.2.1.3.190522";
  fix = make_list("29814665");
}
else if (version =~ "^12\.1\.3\.")
{
  fix_ver = "12.1.3.0.190716";
  fix = make_list("29633448");
}
else if (version =~ "^10\.3\.6\.")
{
  fix_ver = "10.3.6.0.190716";
  fix = make_list("MXLE"); # patchid is obtained from the readme and 10.3.6.x assets are different
}
else
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);

spad_log(message:"checking fix [" + obj_rep(fix) + "]");
PATCHED=FALSE;

# Iterate over the list of patches and check the install for the patchID
foreach id (fix)
{
 spad_log(message:"Checking fix id: [" + id +"]");
 if (install[id])
 {
   PATCHED=TRUE;
   break;
 }
}

VULN=FALSE;
if (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)
  VULN=TRUE;

if (PATCHED || !VULN)
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);

os = get_kb_item_or_exit("Host/OS");
if ('windows' >< tolower(os))
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;
}
else port = 0;

report =
  '\n  Oracle Home    : ' + ohome +
  '\n  Install path   : ' + subdir +
  '\n  Version        : ' + version +
  '\n  Fixes          : ' + join(sep:", ", fix);

security_report_v4(extra:report, severity:SECURITY_HOLE, port:port);

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124157);
  script_version("1.3");
  script_cvs_date("Date: 2019/04/30 14:30:16");

  script_cve_id(
    "CVE-2018-0734",
    "CVE-2018-0735",
    "CVE-2018-11039",
    "CVE-2018-11040",
    "CVE-2018-12539",
    "CVE-2018-1257",
    "CVE-2018-1258",
    "CVE-2018-15756",
    "CVE-2018-1656",
    "CVE-2018-5407"
  );
  script_bugtraq_id(
    104222,
    104260,
    105118,
    105126,
    105703,
    105750,
    105758,
    105897
  );
  script_xref(name:"IAVA", value:"2019-A-0130");

  script_name(english:"Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)");
  script_summary(english:"Checks for the patch ID.");

  script_set_attribute(attribute:"synopsis", value:
"An enterprise management application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Enterprise Manager Cloud Control installed on
the remote host is affected by multiple vulnerabilities in
Enterprise Manager Base Platform component:

  - Networking component of Enterprise Manager Base Platform (Spring Framework)
  is easily exploited and may allow an unauthenticated, remote attacker to takeover
  the Enterprise Manager Base Platform.
  (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756)

  - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker
  unauthorized access to critical data or complete access to all Enterprise Manager
  Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539)

  - An information disclosure vulnerability exists in OpenSSL due to the potential
  for a side-channel timing attack. An unauthenticated attacker can exploit
  this to disclose potentially sensitive information. 
  (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
  # https://support.oracle.com/rs?type=doc&id=2498664.1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ba7181fa");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2019
Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1258");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_enterprise_manager_installed.nbin");
  script_require_keys("installed_sw/Oracle Enterprise Manager Cloud Control");

  exit(0);
}

include('global_settings.inc');
include('misc_func.inc');
include('oracle_rdbms_cpu_func.inc');
include('install_func.inc');

product = 'Oracle Enterprise Manager Cloud Control';
install = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);
version = install['version'];
emchome = install['path'];

patchid = NULL;
missing = NULL;
patched = FALSE;
fix = NULL;

if (version =~ '^13\\.3\\.0\\.0(\\.[0-9]+)?$')
{
  patchid = '29433931';
  fix = '13.3.0.0.190416';
}
else if (version =~ '^13\\.2\\.0\\.0(\\.[0-9]+)?$')
{
  patchid = '29433916';
  fix = '13.2.0.0.190416';
}
else if (version =~ '^12\\.1\\.0\\.5(\\.[0-9]+)?$')
{
  patchid = '29433895';
  fix = '12.1.0.5.190416';
}

if (isnull(patchid))
  audit(AUDIT_HOST_NOT, 'affected');

# compare version to check if we've already adjusted for patch level during detection
if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)
  audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);

# Now look for the affected components
patchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));
if (isnull(patchesinstalled))
  missing = patchid;
else
{
  foreach applied (keys(patchesinstalled[emchome]))
  {
    if (applied == patchid)
    {
      patched = TRUE;
      break;
    }
    else
    {
      foreach bugid (patchesinstalled[emchome][applied]['bugs'])
      {
        if (bugid == patchid)
        {
          patched = TRUE;
          break;
        }
      }
      if (patched) break;
    }
  }
  if (!patched)
    missing = patchid;
}

if (empty_or_null(missing))
  audit(AUDIT_HOST_NOT, 'affected');

order = make_list('Product', 'Version', 'Missing patch');
report = make_array(
  order[0], product,
  order[1], version,
  order[2], patchid
);
report = report_items_str(report_items:report, ordered_fields:order);

security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(129973);
  script_version("1.2");
  script_cvs_date("Date: 2019/10/17 14:31:04");

  script_cve_id("CVE-2018-15756");
  script_bugtraq_id(105703);

  script_name(english:"Oracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The Oracle GoldenGate for Big Data application on the remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote
host is 12.3.1.1.x less than 12.3.1.1.6 or 12.3.2.1.x less than 12.3.2.1.5. It is, therefore, affected by a denial of
service (DoS) vulnerability. This vulnerability is due to its use of Spring Framework, which provides support for range
requests when serving static resources through the ResourceHttpRequestHandler or when an annotated controller returns
an org.springframework.core.io.Resource. An unauthenticated, remote attacker can exploit this issue by adding a range
header with a high number of ranges, or with wide ranges that overlap, or both to cause the application to stop
responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b370bc74");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patches according to the October 2019 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15756");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/16");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:goldengate_application_adapters:");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_goldengate_for_big_data_installed.nbin");
  script_require_keys("Settings/ParanoidReport", "installed_sw/Oracle GoldenGate for Big Data");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('vcf.inc');

// Paranoid because the detection is looking for the presence of JAR files. It's possible that the customer has JAR
// files from outdated versions on their system, but is not currently using them.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

app_name = 'Oracle GoldenGate for Big Data';
app_info = vcf::get_app_info(app:app_name);

constraints = [
  { 'min_version':'12.3.1.1', 'fixed_version':'12.3.1.1.6' },
  { 'min_version':'12.3.2.1', 'fixed_version':'12.3.2.1.5' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125147);
  script_version("1.2");
  script_cvs_date("Date: 2019/05/17  9:44:17");

  script_cve_id(
    "CVE-2016-1000031",
    "CVE-2018-0161",
    "CVE-2018-0734",
    "CVE-2018-0735",
    "CVE-2018-5407",
    "CVE-2018-11763",
    "CVE-2017-9798",
    "CVE-2018-1258",
    "CVE-2018-11039",
    "CVE-2018-11040",
    "CVE-2018-1257",
    "CVE-2018-15756"
  );

  script_bugtraq_id(
    93604,
    100872,
    103573,
    104222,
    104260,
    105414,
    105703,
    105750,
    105758,
    105897,
    107984,
    107986
  );
  script_xref(name:"IAVA", value:"2019-A-0130");

  script_name(english:"Oracle Enterprise Manager Ops Center (Apr 2019 CPU)");
  script_summary(english:"Checks for the patch ID.");
  script_set_attribute(attribute:"synopsis", value:
"An enterprise management application installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Enterprise Manager Cloud Control installed on
the remote host is affected by multiple vulnerabilities in
Enterprise Manager Base Platform component:

  - A deserialization vulnerability in Apache Commons
    FileUpload allows for remote code execution.
    (CVE-2016-1000031)

  - An information disclosure vulnerability exists in OpenSSL
    due to the potential for a side-channel timing attack.
    An unauthenticated attacker can exploit this to disclose
    potentially sensitive information. (CVE-2018-0734)

  - A denial of service (DoS) vulnerability exists in Apache
    HTTP Server 2.4.17 to 2.4.34, due to a design error. An
    unauthenticated, remote attacker can exploit this issue
    by sending continuous, large SETTINGS frames to cause a
    client to occupy a connection, server thread and CPU
    time without any connection timeout coming to effect.
    This affects only HTTP/2 connections. A possible
    mitigation is to not enable the h2 protocol.
    (CVE-2018-11763).

  - Networking component of Enterprise Manager Base Platform
    (Spring Framework) is easily exploited and may allow an
    unauthenticated, remote attacker to takeover the
    Enterprise Manager Base Platform. (CVE-2018-1258)

");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2019
Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_ops_center");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_enterprise_manager_ops_center_installed.nbin");
  script_require_keys("installed_sw/Oracle Enterprise Manager Ops Center");

  exit(0);
}

include('global_settings.inc');
include('misc_func.inc');
include('install_func.inc');

get_kb_item_or_exit('Host/local_checks_enabled');
app_name = 'Oracle Enterprise Manager Ops Center';

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
version_full = install['Full Patch Version'];
path = install['path'];
patch_version = install['Patch Version'];


patchid = NULL;
fix = NULL;

if (version_full =~ "^12\.3\.3\.")
{
  patchid = '29623885';
  fix = '1819';
} 

if (isnull(patchid))
  audit(AUDIT_HOST_NOT, 'affected');

if (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);

report = 
  '\n Path                : ' + path + 
  '\n Version             : ' + version + 
  '\n Ops Agent Version   : ' + version_full + 
  '\n Current Patch       : ' + patch_version + 
  '\n Fixed Patch Version : ' + fix +
  '\n Fix                 : ' + patchid;

security_report_v4(extra:report, severity:SECURITY_HOLE, port:0);

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136091);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/27");

  script_cve_id(
    "CVE-2016-6814",
    "CVE-2016-1000031",
    "CVE-2018-8013",
    "CVE-2018-15756"
  );
  script_xref(name:"IAVA", value:"2019-A-0256");

  script_name(english:"Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple security vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities :

  - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware
    (subcomponent: Advanced UI (Apache Groovy)) due to a lack of isolation of object deserialization code. An
    unauthenticated, remote attacker can exploit this, via HTTP, to execute arbitrary code on the target host.
    (CVE-2016-6814)

  - A remote code execution vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
    Middleware (subcomponent: Advanced UI (Apache Commons FileUpload)) due to an unspecified reason. An
    unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.
    (CVE-2016-1000031)

  - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
    Middleware (subcomponent: Third Party Tools (Apache Batik)) due to an issue with deserialization. An
    unauthenticated, remote attacker can exploit this issue, via HTTP, to cause the application to stop
    functioning properly. (CVE-2018-8013)

  - A denial of service (DoS) vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion
    Middleware (subcomponent: Advanced UI (Spring Framework)) due to an issue handling range requests with
    a high number of ranges, wide ranges that overlap, or both. An unauthenticated, remote attacker can
    exploit this issue, via HTTP, to cause the application to stop responding. (CVE-2018-15765)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2019.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000031");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_webcenter_sites_installed.nbin");
  script_require_keys("SMB/WebCenter_Sites/Installed");

  exit(0);
}

get_kb_item_or_exit('SMB/WebCenter_Sites/Installed');

port = get_kb_item('SMB/transport');
if (isnull(port))
  port = 445;

versions = get_kb_list('SMB/WebCenter_Sites/*/Version');
if (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');

report = '';

# vulnerable versions: 
# - 12.2.1.3.0 - Revision 185862, Patch 29957990
#     Note that the revision does not match up with the version suffix shown in the readme

foreach key (keys(versions))
{
  fix = '';

  version = versions[key];
  revision = get_kb_item(key - '/Version' + '/Revision');
  path = get_kb_item(key - '/Version' + '/Path');

  if (isnull(version) || isnull(revision)) continue;

  # Patch 29957990 - 12.2.1.3.0 < Revision 185862
  if (version =~ "^12\.2\.1\.3\.0$" && revision < 185862)
  {
    fix = '\n  Fixed revision : 185862' +
          '\n  Required patch : 29957990';
  }

  if (fix != '')
  {
    if (!isnull(path)) report += '\n  Path           : ' + path;
    report += '\n  Version        : ' + version +
              '\n  Revision       : ' + revision +
              fix + '\n';
  }
}

if (report != '') security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
else audit(AUDIT_INST_VER_NOT_VULN, "Oracle WebCenter Sites");

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(126828);
  script_version("1.2");
  script_cvs_date("Date: 2019/10/18 23:14:14");

  script_cve_id(
    "CVE-2018-15756",
    "CVE-2018-19360",
    "CVE-2018-19361",
    "CVE-2018-19362"
  );
  script_bugtraq_id(105703, 107985);

  script_name(english:"Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)");
  script_summary(english:"Checks the version of Oracle Primavera Gateway.");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Oracle Primavera
Gateway installation running on the remote web server is 15.x prior to 
15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to
18.8.6. It is, therefore, affected by multiple vulnerabilities:

  - An unspecified vulnerability in the Spring Framework,
    version 5.1, versions 5.0.x prior to 5.0.10, versions
    4.3.x prior to 4.3.20, and older unsupported versions
    on the 4.2.x branch allows an a malicious user to add
    a range header with a high number of ranges, or with
    wide ranges that overlap, or both, to cause a denial
    of service. (CVE-2018-15756)

  - FasterXML jackson-databind 2.x before 2.9.8 might allow
    attackers to have unspecified impact by leveraging
    failure to block the axis2-transport-jms class from
    polymorphic deserialization. (CVE-2018-19360)

  - FasterXML jackson-databind 2.x before 2.9.8 might allow
    attackers to have unspecified impact by leveraging
    failure to block the openjpa class from polymorphic
    deserialization. (CVE-2018-19361)

  - FasterXML jackson-databind 2.x before 2.9.8 might allow
    attackers to have unspecified impact by leveraging
    failure to block the jboss-common-core class from
    polymorphic deserialization. (CVE-2018-19362)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixPVA
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?25a1b782");
  # https://support.oracle.com/rs?type=doc&id=2555549.1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b5f18b61");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle Primavera Gateway version 15.2.16 / 16.2.9 / 17.12.4
/ 18.8.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19362");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:primavera_gateway");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_primavera_gateway.nbin");
  script_require_keys("installed_sw/Oracle Primavera Gateway");
  script_require_ports("Services/www", 8006);

  exit(0);
}

include('http.inc');
include('vcf.inc');

get_install_count(app_name:'Oracle Primavera Gateway', exit_if_zero:TRUE);

port = get_http_port(default:8006);

app_info = vcf::get_app_info(app:'Oracle Primavera Gateway', port:port);

vcf::check_granularity(app_info:app_info, sig_segments:2);

constraints = [
  { 'min_version' : '15.0.0', 'fixed_version' : '15.2.16' },
  { 'min_version' : '16.0.0', 'fixed_version' : '16.2.9' },
  { 'min_version' : '17.0.0', 'fixed_version' : '17.12.4' },
  { 'min_version' : '18.0.0', 'fixed_version' : '18.8.6' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE); 

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136284);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");

  script_cve_id("CVE-2018-15756", "CVE-2019-0222");

  script_name(english:"Oracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by a remote
security vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing the April 2020 Critical Patch Update for
Oracle Identity Manager Connector. It is, therefore, affected by multiple vulnerabilities:

 - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware 
 (component: General (Apache ActiveMQ)). The supported version that is affected is 9.0. Easily exploitable 
 vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. 
 Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable 
 crash (complete DOS) of Identity Manager Connector. (CVE-2019-0222)

 - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: LDAP Gateway 
 (Spring Framework)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows 
 unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. Successful attacks of 
 this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of
 Identity Manager Connector. (CVE-2018-15756)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2020 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0222");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(94);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:identity_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_identity_management_installed.nbin");
  script_require_keys("installed_sw/Oracle Identity Manager");

  exit(0);
}
include('vcf.inc');

appname = 'Oracle Identity Manager';

app_info = vcf::get_app_info(app:appname);
 
constraints = [
  {'min_version': '9.0', 'fixed_version': '9.1'}
];
vcf::check_version_and_report(app_info: app_info, constraints: constraints, severity: SECURITY_WARNING);