Vulnerabilities > CVE-2020-2764 - Unspecified vulnerability in Oracle Java Advanced Management Console 2.16
Summary
Vulnerability in the Java SE product of Oracle Java SE (component: Advanced Management Console). The supported version that is affected is Java Advanced Management Console: 2.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Windows NASL id ORACLE_JAVA_CPU_APR_2020.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over last seen 2020-04-23 modified 2020-04-16 plugin id 135592 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135592 title Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(135592); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17"); script_cve_id( "CVE-2019-18197", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2764", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_xref(name:"IAVA", value:"2020-A-0134-S"); script_name(english:"Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU)"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over 'Multiple' protocol. This issue affects the 'JavaFX (libxslt)' component. Successful attacks of this vulnerability allow unauthenticated attacker with network access to takeover of Java SE. (CVE-2019-18197) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2754, CVE-2020-2755) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Serialization' component. (CVE-2020-2756, CVE-2020-2757) - Oracle Java SE prone to unauthorized read access vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol can result in unauthorized read access to a subset of Java SE accessible data. This issue affects the 'Advanced Management Console' component. (CVE-2020-2764) - Oracle Java SE and Java SE Embedded are prone to unauthorized write/read access vulnerability. An unauthenticated remote attacker over 'HTTPS' can read, update, insert or delete access to some of Java SE accessible data. This issue affects the 'JSSE' component. (CVE-2020-2767) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2773) It is also affected by other vulnerabilities; please see vendor advisories for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuapr2020cvrf.xml"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle JDK / JRE 14 Update 1 , 11 Update 7, 8 Update 251 , 7 Update 261 or later. If necessary, remove any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); # Check each installed JRE. installs = get_kb_list_or_exit("SMB/Java/JRE/*"); info = ""; vuln = 0; installed_versions = ""; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; # Fixes : (JDK|JRE) 13 Update 2 / 11 Update 6 / 8 Update 214 / 7 Update 251 if ( ver_compare(minver:"1.7.0", ver:ver, fix:"1.7.0_261", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:"1.8.0", ver:ver, fix:"1.8.0_251", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:"1.11.0", ver:ver, fix:"1.11.0_7", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:"1.13.0", ver:ver, fix:"1.14.0_1", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_report_v4(severity:SECURITY_WARNING, port:port, extra:report); } else { installed_versions = substr(installed_versions, 3); if (" & " >< installed_versions) exit(0, "The Java "+installed_versions+" installations on the remote host are not affected."); else audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions); }
NASL family Misc. NASL id ORACLE_JAVA_CPU_APR_2020_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over last seen 2020-05-23 modified 2020-04-16 plugin id 135591 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135591 title Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) (Unix) code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(135591); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17"); script_cve_id( "CVE-2019-18197", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2764", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_xref(name:"IAVA", value:"2020-A-0134-S"); script_name(english:"Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) (Unix)"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over 'Multiple' protocol. This issue affects the 'JavaFX (libxslt)' component. Successful attacks of this vulnerability allow unauthenticated attacker with network access to takeover of Java SE. (CVE-2019-18197) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2754, CVE-2020-2755) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Serialization' component. (CVE-2020-2756, CVE-2020-2757) - Oracle Java SE prone to unauthorized read access vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol can result in unauthorized read access to a subset of Java SE accessible data. This issue affects the 'Advanced Management Console' component. (CVE-2020-2764) - Oracle Java SE and Java SE Embedded are prone to unauthorized write/read access vulnerability. An unauthenticated remote attacker over 'HTTPS' can read, update, insert or delete access to some of Java SE accessible data. This issue affects the 'JSSE' component. (CVE-2020-2767) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2773) It is also affected by other vulnerabilities; please see vendor advisories for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuapr2020cvrf.xml"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle JDK / JRE 14 Update 1 , 11 Update 7 , 8 Update 251 , 7 Update 261 or later. If necessary, remove any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"agent", value:"unix"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed_unix.nasl"); script_require_keys("Host/Java/JRE/Installed"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); # Check each installed JRE. installs = get_kb_list_or_exit('Host/Java/JRE/Unmanaged/*'); info = ''; vuln = 0; vuln2 = 0; installed_versions = ''; granular = ''; foreach install (list_uniq(keys(installs))) { ver = install - 'Host/Java/JRE/Unmanaged/'; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + ' & ' + ver; # Fixes : (JDK|JRE) 13 Update 2 / 11 Update 6 / 8 Update 241 / 7 Update 251 if ( ver_compare(minver:'1.7.0', ver:ver, fix:'1.7.0_261', regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:'1.8.0', ver:ver, fix:'1.8.0_251', regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:'1.11.0', ver:ver, fix:'1.11.0_7', regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:'1.13.0', ver:ver, fix:'1.14.0_1', regexes:{0:"_(\d+)"}, strict:FALSE) < 0 ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1\n'; } else if (ver =~ "^[\d\.]+$") { dirs = make_list(get_kb_list(install)); foreach dir (dirs) granular += 'The Oracle Java version '+ver+' at '+dir+' is not granular enough to make a determination.'+'\n'; } else { dirs = make_list(get_kb_list(install)); vuln2 += max_index(dirs); } } # Report if any were found to be vulnerable. if (info) { if (vuln > 1) s = 's of Java are'; else s = ' of Java is'; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_report_v4(severity:SECURITY_WARNING, port:0, extra:report); if (granular) exit(0, granular); } else { if (granular) exit(0, granular); installed_versions = substr(installed_versions, 3); if (vuln2 > 1) exit(0, 'The Java '+installed_versions+' installations on the remote host are not affected.'); else audit(AUDIT_INST_VER_NOT_VULN, 'Java', installed_versions); }
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- https://security.netapp.com/advisory/ntap-20200416-0004/
- https://security.netapp.com/advisory/ntap-20200416-0004/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html