Vulnerabilities > CVE-2018-2791 - Unspecified vulnerability in Oracle Webcenter Sites 11.1.1.8.0/12.2.1.2.0/12.2.1.3.0

047910
CVSS 8.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
LOW
Availability impact
NONE
network
low complexity
oracle
nessus
exploit available
NVD
Published: 2018-04-19
Updated: 2019-10-03

Summary

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
3

Exploit-Db

descriptionOracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting. CVE-2018-2791. Webapps exploit for Multiple platform
fileexploits/multiple/webapps/44752.txt
idEDB-ID:44752
last seen2018-05-25
modified2018-05-25
platformmultiple
port
published2018-05-25
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44752/
titleOracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting
typewebapps

Nessus

NASL familyWindows
NASL idORACLE_WEBCENTER_SITES_APR_2018_CPU.NASL
descriptionThe version of Oracle WebCenter Sites running on the remote host is affected by an unspecified flaw in the Sites component (formerly FatWire Content Server) that allows an remote attacker to impact confidentiality and integrity. Note that this issue only applies to versions 11.1.1.8.0, 12.2.1.2.0,and 12.2.1.3.0.
last seen2020-05-08
modified2018-04-20
plugin id109209
published2018-04-20
reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/109209
titleOracle WebCenter Sites Remote Vulnerability (April 2018 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(109209);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/06");

  script_cve_id("CVE-2016-3092", "CVE-2017-12617", "CVE-2018-2791");
  script_bugtraq_id(91453, 100954, 103800);

  script_name(english:"Oracle WebCenter Sites Remote Vulnerability (April 2018 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by a remote security vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle WebCenter Sites running on the remote host is affected by an unspecified flaw in the Sites
component (formerly FatWire Content Server) that allows an remote attacker to impact confidentiality and integrity.
Note that this issue only applies to versions 11.1.1.8.0, 12.2.1.2.0,and 12.2.1.3.0.");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixFMW
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4e39ef65");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2018 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12617");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat for Windows HTTP PUT Method File Upload");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Tomcat RCE via JSP Upload Bypass');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_webcenter_sites_installed.nbin");
  script_require_keys("SMB/WebCenter_Sites/Installed");

  exit(0);
}

port = get_kb_item('SMB/transport');
if (isnull(port))
  port = 445;

get_kb_item_or_exit('SMB/WebCenter_Sites/Installed');

versions = get_kb_list('SMB/WebCenter_Sites/*/Version');
if (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');

report = '';

foreach key (keys(versions))
{
  fix = '';

  version = versions[key];
  revision = get_kb_item(key - '/Version' + '/Revision');
  path = get_kb_item(key - '/Version' + '/Path');

  if (isnull(version) || isnull(revision)) continue;

  # Patch 27589552 - 11.1.1.8.0 < Revision 184362 
  if (version =~ "^11\.1\.1\.8\.0$" && revision < 184362)
    fix = '\n  Fixed revision : 184362' +
          '\n  Required patch : 27589552';

  # Patch 27589545 - 12.2.1.2.0 < Revision 184799
  else if (version =~ "^12\.2\.1\.2\.0$" && revision < 184799)
    fix = '\n  Fixed revision : 184799' +
          '\n  Required patch : 27589545';

  # Patch 27562268 - 12.2.1.3.0 < Revision 184667
  else if (version =~ "^12\.2\.1\.3\.0$" && revision < 184667)
    fix = '\n  Fixed revision : 184667' +
          '\n  Required patch : 27562268';

  if (fix != '')
  {
    if (!isnull(path)) report += '\n  Path           : ' + path;
    report += '\n  Version        : ' + version +
              '\n  Revision       : ' + revision +
              fix + '\n';
  }
}

if (report != '') security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
else audit(AUDIT_INST_VER_NOT_VULN, 'Oracle WebCenter Sites');

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/147885/oraclewebcenterfatwire-xss.txt
idPACKETSTORM:147885
last seen2018-05-29
published2018-05-25
reporterRichard Alviarez
sourcehttps://packetstormsecurity.com/files/147885/Oracle-WebCenter-Fatwire-7.x-Cross-Site-Scripting.html
titleOracle WebCenter (Fatwire) 7.x Cross Site Scripting

References