Vulnerabilities > CVE-2019-2909 - Unspecified vulnerability in Oracle Database Server

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
high complexity
oracle
nessus

Summary

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).

Nessus

NASL familyDatabases
NASL idORACLE_RDBMS_CPU_OCT_2019.NASL
descriptionThe remote Oracle Database Server is missing the October 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an unauthenticated, remote attacker to manipulate Java VM accessible data. (CVE-2019-2909) - An unspecified vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server, which could allow an authenticated, remote attacker to cause a denial of serivce of Core RDBMS. (CVE-2019-2956) - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an authenticated, remote attacker to read a subset of Core RDBMS accessible data. (CVE-2019-2913) It is also affected by additional vulnerabilities; see the vendor advisory for more information.
last seen2020-06-02
modified2019-10-18
plugin id130058
published2019-10-18
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/130058
titleOracle Database Server Multiple Vulnerabilities (Oct 2019 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(130058);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

  script_cve_id(
    "CVE-2018-2875",
    "CVE-2018-8034",
    "CVE-2018-11784",
    "CVE-2018-14719",
    "CVE-2018-14720",
    "CVE-2018-14721",
    "CVE-2018-19360",
    "CVE-2018-19361",
    "CVE-2018-19362",
    "CVE-2018-1000873",
    "CVE-2019-2734",
    "CVE-2019-2909",
    "CVE-2019-2913",
    "CVE-2019-2939",
    "CVE-2019-2940",
    "CVE-2019-2954",
    "CVE-2019-2955",
    "CVE-2019-2956"
  );

  script_name(english:"Oracle Database Server Multiple Vulnerabilities (Oct 2019 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Database Server is missing the October 2019 Critical Patch Update (CPU). It is, therefore, affected
by multiple vulnerabilities :

  - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an
    unauthenticated, remote attacker to manipulate Java VM accessible data. (CVE-2019-2909)

  - An unspecified vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server,
    which could allow an authenticated, remote attacker to cause a denial of serivce of Core RDBMS. (CVE-2019-2956)

  - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an
    authenticated, remote attacker to read a subset of Core RDBMS accessible data. (CVE-2019-2913)

It is also affected by additional vulnerabilities; see the vendor advisory for more information.");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixDB
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fb3a89d4");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2019 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19362");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date",value:"2019/10/15");
  script_set_attribute(attribute:"patch_publication_date",value:"2019/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/18");

  script_set_attribute(attribute:"plugin_type",value:"combined");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

patches = make_nested_array();

# RDBMS 19.5.0.0
patches["19.5.0.0"]["db"]["nix"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30125133");
patches["19.5.0.0"]["db"]["win"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30151705");
# RDBMS 19.4.1.0
patches["19.4.1.0"]["db"]["nix"] = make_array("patch_level", "19.4.1.0.191015", "CPU", "30080447");
# RDBMS 19.3.2.0
patches["19.3.2.0"]["db"]["nix"] = make_array("patch_level", "19.3.2.0.191015", "CPU", "30087906");
# RDBMS 18.8.0.0
patches["18.8.0.0"]["db"]["nix"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30112122");
patches["18.8.0.0"]["db"]["win"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30150321");
# RDVMS 18.7.0.0
patches["18.7.0.0"]["db"]["nix"] = make_array("patch_level", "18.7.0.0.191015", "CPU", "30080518");
# RDBMS 18.6.0.0
patches["18.6.0.0"]["db"]["nix"] = make_array("patch_level", "18.6.0.0.191015", "CPU", "30087881");
# RDBMS 12.2.0.1
patches["12.2.0.1"]["db"]["nix"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30087824, 30087848, 30138470");
patches["12.2.0.1"]["db"]["win"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30150416");
# RDBMS 12.1.0.2
patches["12.1.0.2"]["db"]["nix"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "29972716, 29918340");
patches["12.1.0.2"]["db"]["win"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30049606");
# RDBMS 11.2.0.4
patches["11.2.0.4"]["db"]["nix"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30070157, 29913194, 30237239");
patches["11.2.0.4"]["db"]["win"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30151661");

# OJVM 19.5.0.0
patches["19.5.0.0"]["ojvm"]["nix"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30128191");
# OJVM 18.8.0.0
patches["18.8.0.0"]["ojvm"]["nix"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30133603");
# OJVM 12.2.0.1
patches["12.2.0.1"]["ojvm"]["nix"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30133625");
patches["12.2.0.1"]["ojvm"]["win"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30268021");
# OJVM 12.1.0.2
patches["12.1.0.2"]["ojvm"]["nix"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30128197");
patches["12.1.0.2"]["ojvm"]["win"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30268189");
# OJVM 11.2.0.4
patches["11.2.0.4"]["ojvm"]["nix"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30132974");
patches["11.2.0.4"]["ojvm"]["win"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30268157");

check_oracle_database(patches:patches, high_risk:TRUE);