code | #
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(135676);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/24");
script_cve_id("CVE-2019-11358", "CVE-2019-16943", "CVE-2020-2739");
script_xref(name:"IAVA", value:"2020-A-0153");
script_name(english:"Oracle WebCenter Sites Multiple Vulnerabilities (April 2020 CPU)");
script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple security vulnerabilities.");
script_set_attribute(attribute:"description", value:
"Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities.
- Component: Advanced UI (jQuery). The supported version that is affected is 12.2.1.3.0.
Easily exploitable vulnerability allows unauthenticated attacker with network access via
HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction
from a person other than the attacker and while the vulnerability is in Oracle WebCenter
Sites, attacks may significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to some of
Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset
of Oracle WebCenter Sites accessible data (CVE-2019-11358).
- Component: Sites (jackson-databind). Supported versions that are affected are
12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated
attacker with network access via HTTP to compromise Oracle WebCenter Sites.
Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites
(CVE-2019-16943).
- Component: Advanced UI. The supported version that is affected is 12.2.1.3.0.
Easily exploitable vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction
from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites,
attacks may significantly impact additional products. Successful attacks of this vulnerability
can result in unauthorized access to critical data or complete access to all Oracle
WebCenter Sites accessible data (CVE-2020-2739).");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2020 Oracle Critical Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16943");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_webcenter_sites_installed.nbin", "oracle_enum_products_win.nbin");
script_require_keys("SMB/WebCenter_Sites/Installed");
exit(0);
}
include('oracle_rdbms_cpu_func.inc');
port = get_kb_item('SMB/transport');
if (isnull(port))
port = 445;
get_kb_item_or_exit('SMB/WebCenter_Sites/Installed');
versions = get_kb_list('SMB/WebCenter_Sites/*/Version');
if (isnull(versions)) exit(1, 'Unable to obtain a version list for Oracle WebCenter Sites.');
report = '';
# vulnerable versions:
# - 12.2.1.3.0 - Revision 185862, Patch 29957990
# Note that the revision does not match up with the version suffix shown in the readme
#
# - 12.2.1.4.0 - Patch 31101341
# This patch does not change revision. Need to find specific patch
foreach key (keys(versions))
{
fix = '';
version = versions[key];
revision = get_kb_item(key - '/Version' + '/Revision');
path = get_kb_item(key - '/Version' + '/Path');
if (isnull(version) || isnull(revision)) continue;
# Patch 29957990 - 12.2.1.3.0 < Revision 185862
if (version =~ "^12\.2\.1\.3\.0$" && revision < 185862)
{
fix = '\n Fixed revision : 185862' +
'\n Required patch : 29957990';
}
# Patch 31101341 - 12.2.1.4.0
else if (version =~ "^12\.2\.1\.4\.0$")
{
# Revision check does not work. Must find specific patch
patch = '31101341';
oracle_homes = query_scratchpad("SELECT path FROM oracle_homes");
if (!max_index(oracle_homes)) exit(1, 'Failed to get any Oracle homes from the scratchpad.');
ohome = NULL;
# Find the correct ohome
foreach res (oracle_homes)
{
testpath = res['path'];
if (testpath >< tolower(path))
{
ohome = testpath;
break;
}
}
if (empty_or_null(ohome))
exit(1, 'Failed to find the proper Oracle home in the scratchpad.');
patchesinstalled = query_scratchpad("SELECT patchid FROM oracle_patches WHERE ohome=?;", ohome);
patched = FALSE;
# Check if patch is in ohome
if (!isnull(patchesinstalled))
{
patched = FALSE;
foreach item (patchesinstalled)
{
if (item['patchid'] == patch)
patched = TRUE;
}
}
if(!patched)
fix = '\n Required patch : 31101341';
}
if (fix != '')
{
if (!isnull(path)) report += '\n Path : ' + path;
report += '\n Version : ' + version +
'\n Revision : ' + revision +
fix + '\n';
}
}
if (report != '') security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
else audit(AUDIT_INST_VER_NOT_VULN, 'Oracle WebCenter Sites');
|