Vulnerabilities > CVE-2019-2956 - Unspecified vulnerability in Oracle Database Server

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
oracle
nessus

Summary

Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Core RDBMS (jackson-databind). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS (jackson-databind). CVSS 3.0 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).

Nessus

NASL familyDatabases
NASL idORACLE_RDBMS_CPU_OCT_2019.NASL
descriptionThe remote Oracle Database Server is missing the October 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an unauthenticated, remote attacker to manipulate Java VM accessible data. (CVE-2019-2909) - An unspecified vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server, which could allow an authenticated, remote attacker to cause a denial of serivce of Core RDBMS. (CVE-2019-2956) - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an authenticated, remote attacker to read a subset of Core RDBMS accessible data. (CVE-2019-2913) It is also affected by additional vulnerabilities; see the vendor advisory for more information.
last seen2020-06-02
modified2019-10-18
plugin id130058
published2019-10-18
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/130058
titleOracle Database Server Multiple Vulnerabilities (Oct 2019 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(130058);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

  script_cve_id(
    "CVE-2018-2875",
    "CVE-2018-8034",
    "CVE-2018-11784",
    "CVE-2018-14719",
    "CVE-2018-14720",
    "CVE-2018-14721",
    "CVE-2018-19360",
    "CVE-2018-19361",
    "CVE-2018-19362",
    "CVE-2018-1000873",
    "CVE-2019-2734",
    "CVE-2019-2909",
    "CVE-2019-2913",
    "CVE-2019-2939",
    "CVE-2019-2940",
    "CVE-2019-2954",
    "CVE-2019-2955",
    "CVE-2019-2956"
  );

  script_name(english:"Oracle Database Server Multiple Vulnerabilities (Oct 2019 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Database Server is missing the October 2019 Critical Patch Update (CPU). It is, therefore, affected
by multiple vulnerabilities :

  - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an
    unauthenticated, remote attacker to manipulate Java VM accessible data. (CVE-2019-2909)

  - An unspecified vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server,
    which could allow an authenticated, remote attacker to cause a denial of serivce of Core RDBMS. (CVE-2019-2956)

  - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an
    authenticated, remote attacker to read a subset of Core RDBMS accessible data. (CVE-2019-2913)

It is also affected by additional vulnerabilities; see the vendor advisory for more information.");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixDB
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fb3a89d4");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2019 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19362");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date",value:"2019/10/15");
  script_set_attribute(attribute:"patch_publication_date",value:"2019/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/18");

  script_set_attribute(attribute:"plugin_type",value:"combined");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

patches = make_nested_array();

# RDBMS 19.5.0.0
patches["19.5.0.0"]["db"]["nix"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30125133");
patches["19.5.0.0"]["db"]["win"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30151705");
# RDBMS 19.4.1.0
patches["19.4.1.0"]["db"]["nix"] = make_array("patch_level", "19.4.1.0.191015", "CPU", "30080447");
# RDBMS 19.3.2.0
patches["19.3.2.0"]["db"]["nix"] = make_array("patch_level", "19.3.2.0.191015", "CPU", "30087906");
# RDBMS 18.8.0.0
patches["18.8.0.0"]["db"]["nix"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30112122");
patches["18.8.0.0"]["db"]["win"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30150321");
# RDVMS 18.7.0.0
patches["18.7.0.0"]["db"]["nix"] = make_array("patch_level", "18.7.0.0.191015", "CPU", "30080518");
# RDBMS 18.6.0.0
patches["18.6.0.0"]["db"]["nix"] = make_array("patch_level", "18.6.0.0.191015", "CPU", "30087881");
# RDBMS 12.2.0.1
patches["12.2.0.1"]["db"]["nix"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30087824, 30087848, 30138470");
patches["12.2.0.1"]["db"]["win"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30150416");
# RDBMS 12.1.0.2
patches["12.1.0.2"]["db"]["nix"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "29972716, 29918340");
patches["12.1.0.2"]["db"]["win"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30049606");
# RDBMS 11.2.0.4
patches["11.2.0.4"]["db"]["nix"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30070157, 29913194, 30237239");
patches["11.2.0.4"]["db"]["win"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30151661");

# OJVM 19.5.0.0
patches["19.5.0.0"]["ojvm"]["nix"] = make_array("patch_level", "19.5.0.0.191015", "CPU", "30128191");
# OJVM 18.8.0.0
patches["18.8.0.0"]["ojvm"]["nix"] = make_array("patch_level", "18.8.0.0.191015", "CPU", "30133603");
# OJVM 12.2.0.1
patches["12.2.0.1"]["ojvm"]["nix"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30133625");
patches["12.2.0.1"]["ojvm"]["win"] = make_array("patch_level", "12.2.0.1.191015", "CPU", "30268021");
# OJVM 12.1.0.2
patches["12.1.0.2"]["ojvm"]["nix"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30128197");
patches["12.1.0.2"]["ojvm"]["win"] = make_array("patch_level", "12.1.0.2.191015", "CPU", "30268189");
# OJVM 11.2.0.4
patches["11.2.0.4"]["ojvm"]["nix"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30132974");
patches["11.2.0.4"]["ojvm"]["win"] = make_array("patch_level", "11.2.0.4.191015", "CPU", "30268157");

check_oracle_database(patches:patches, high_risk:TRUE);