Vulnerabilities > CVE-2019-2751 - Unspecified vulnerability in Oracle Http Server 12.1.3.0.0/12.2.1.3.0

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
high complexity
oracle
nessus
NVD
Published: 2019-07-23
Updated: 2020-08-24

Summary

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Nessus

NASL familyWeb Servers
NASL idORACLE_HTTP_SERVER_CPU_JUL_2019.NASL
descriptionThe version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as noted in the July 2019 CPU advisory : - A privilege escalation vulnerability exists in the web listener component. An authenticated, local attacker can exploit this, to gain privileged access to the system. (CVE-2019-0211) - A security bypass vulnerability exists in the OHS Config MBeans component. An unauthenticated, remote attacker can exploit this, to access confidential information. (CVE-2019-2751)
last seen2020-03-18
modified2019-07-18
plugin id126781
published2019-07-18
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126781
titleOracle Fusion Middleware Oracle HTTP Server (Jul 2019 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(126781);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");

  script_cve_id("CVE-2019-0211", "CVE-2019-2751");
  script_bugtraq_id(107666, 109255);

  script_name(english:"Oracle Fusion Middleware Oracle HTTP Server (Jul 2019 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as noted in
the July 2019 CPU advisory : 

  - A privilege escalation vulnerability exists in the web listener component. An authenticated, local attacker can
    exploit this, to gain privileged access to the system. (CVE-2019-0211)

  - A security bypass vulnerability exists in the OHS Config MBeans component. An unauthenticated, remote attacker can
    exploit this, to access confidential information. (CVE-2019-2751)");
  # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixFMW
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f16f2418");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0211");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:http_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_http_server_installed.nbin");
  script_require_keys("Oracle/OHS/Installed");

  exit(0);
}

include('oracle_http_server_patch_func.inc');

get_kb_item_or_exit('Oracle/OHS/Installed');
install_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');

install = branch(install_list, key:TRUE, value:TRUE);

patches = make_array();
patches['12.2.1.3'] = make_array('fix_ver', '12.2.1.3.190808', 'patch', '30158713');

oracle_http_server_check_vuln(
  install : install,
  min_patches : patches,
  severity : SECURITY_HOLE
);

References