Lucene search
This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.FUSION_WEBLOGIC_WEBCONTAINER_DOS.NASLHistoryFeb 02, 2012 - 12:00 a.m.
Oracle Fusion Middleware WebLogic Component DoS
2012-02-0200:00:00
This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.
www.tenable.com
18
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.004
Percentile
72.6%
The version of the WebLogic component on Oracle Middleware installed on the remote host is affected by an unspecified vulnerability related to the Web Container affecting availability. Successful exploitation of this vulnerability could cause a denial of service condition.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(57794);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2011-3566");
script_bugtraq_id(51469);
script_name(english:"Oracle Fusion Middleware WebLogic Component DoS");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a web application server installed that contains
an unspecified vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of the WebLogic component on Oracle Middleware installed
on the remote host is affected by an unspecified vulnerability related
to the Web Container affecting availability. Successful exploitation
of this vulnerability could cause a denial of service condition.");
# https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1374524.1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f9a69d65");
# http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11da589e");
script_set_attribute(attribute:"solution", value:
"See the Oracle advisory for information on obtaining and applying bug
fix patches.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/17");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");
script_dependencies("oracle_weblogic_server_installed.nbin");
script_require_keys("Oracle/WLS/Installed");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("oracle_rdbms_cpu_func.inc");
get_kb_item_or_exit("Oracle/WLS/Installed");
app_name = "Oracle WebLogic Server";
report = "";
affected = 0;
not_affected = make_list();
# Get installs.
installs = make_list(get_kb_list("Oracle/WLS/*/install"));
# Get patches.
ohomes = make_list();
q = query_scratchpad("SELECT path FROM oracle_homes");
if (isnull(q)) exit(1, 'Unable to obtain Oracle Homes');
foreach ohome (q)
{
ohomes = make_list(ohomes, ohome['path']);
}
patches = find_patches_in_ohomes(ohomes:ohomes);
if(!isnull(patches))
{
# Verify that each install is patched.
foreach install (installs)
{
install = split(install, sep:',', keep:FALSE);
ohome = install[0];
subdir = install[1];
version = install[2];
patched = FALSE;
fix = NULL;
fix_ver = NULL;
# individual security patches
if (version =~ "^9\.2\.4(\.0)*$") fix = "TW4A";
else if (version =~ "^10\.0\.1(\.0)*$") fix = "96PR";
else if (version =~ "^10\.0\.2(\.0)*$") fix = "2DIK";
else if (version =~ "^10\.3\.0(\.0)*$") fix = "JAE6";
else if (version =~ "^10\.3\.2(\.0)*?$") fix = "AVJP";
else if (version =~ "^10\.3\.3(\.0)*?$") fix = "1FKM";
# patch sets
else if (version =~ "^10\.3\.5\.")
{
fix_ver = "10.3.5.0.2";
fix = "USGW";
}
else if (version =~ "^10\.3\.4\.")
{
fix_ver = "10.3.4.0.4";
fix = "XZNF";
}
else not_affected = make_list(not_affected, version);
if (isnull(fix)) continue;
# patch set check
if(!isnull(fix_ver))
{
if(ver_compare(ver:version, fix:fix_ver, strict:FALSE) >= 0)
patched = TRUE;
}
# security patch check
else
{
# Check for patch.
foreach patch (keys(patches[ohome]))
{
if (patch == fix)
{
patched = TRUE;
break;
}
}
}
if (!patched)
{
report +=
'\n Oracle Home : ' + ohome +
'\n Install path : ' + subdir +
'\n Version : ' + version +
'\n Required patch : ' + fix +
'\n';
affected++;
}
else not_affected = make_list(not_affected, version);
}
}
if (affected)
{
port = 0;
if (report_verbosity > 0)
{
report = affected + ' of ' + max_index(installs) + ' installs affected :\n' + report;
security_warning(extra:report, port:port);
}
else security_warning(port:port);
exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, app_name, not_affected);
Related
cvelist
cvelist
CVE-2011-3566
2012-01-18 22:00:00
prion
prion
Design/Logic Flaw
2012-01-18 22:55:00
cve
cve
CVE-2011-3566
2012-01-18 22:55:03
nvd
nvd
CVE-2011-3566
2012-01-18 22:55:03
oracle
oracle
Oracle Critical Patch Update - January 2012
2012-01-17 00:00:00
securityvulns
securityvulns
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.004
Percentile
72.6%
Related for FUSION_WEBLOGIC_WEBCONTAINER_DOS.NASL