CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
100.0%
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:
An unspecified vulnerability in the Third Party Tools (Bouncy Castle Java Library) component of Oracle WebLogic Server. An unauthenticated attacker with network access via HTTPS could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. (CVE-2019-1735)
An unspecified vulnerability in the Console component of Oracle WebLogic Server. An unauthenticated attacker with network access via HTTP could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack requires human interaction from a person other than the attacker. A successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.
(CVE-2020-2519)
An unspecified vulnerability in the Console component of Oracle WebLogic Server. An unauthenticated attacker with network access via HTTP could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack requires human interaction from a person other than the attacker. A successful attack of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data.
(CVE-2020-2544)
An unspecified vulnerability in the Application Container - JavaEE component of Oracle WebLogic Server.
An unauthenticated attacker with network access via T3 could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack of this vulnerability can result in takeover of Oracle WebLogic Server.
(CVE-2020-2546)
An unspecified vulnerability in the Console component of Oracle WebLogic Server. A high privileged attacker with network access via HTTP could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack requires human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2020-2547)
An unspecified vulnerability in the WLS Core Components of Oracle WebLogic Server. A high privileged attacker with network access via HTTP could exploit this vulnerability to compromise Oracle WebLogic Server.
A successful attack requires human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data.
(CVE-2020-2548)
An unspecified vulnerability in the WLS Core Components of Oracle WebLogic Server. A high privileged attacker with network access via HTTP could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack of this vulnerability can result in takeover of Oracle WebLogic Server.
(CVE-2020-2549)
An unspecified vulnerability in the WLS Core Components of Oracle WebLogic Server. A high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes could exploit this vulnerability to compromise racle WebLogic Server. A successful attack of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.
(CVE-2020-2550)
An unspecified vulnerability in the WLS Core Components of Oracle WebLogic Server. An unauthenticated attacker with network access via IIOP could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack of this vulnerability can result in takeover of Oracle WebLogic Server.
(CVE-2020-2551)
An unspecified vulnerability in the WLS Core Components of Oracle WebLogic Server. A high privileged attacker with network access via HTTP could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack requires human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. A successful attack of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2020-2552)
An unspecified vulnerability in the Web Container (JavaServer Faces) Components of Oracle WebLogic Server.
An unauthenticated attacker with network access via HTTP could exploit this vulnerability to compromise Oracle WebLogic Server. A successful attack of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. (CVE-2020-6950)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(132961);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/16");
script_cve_id(
"CVE-2019-17359",
"CVE-2020-2519",
"CVE-2020-2544",
"CVE-2020-2546",
"CVE-2020-2547",
"CVE-2020-2548",
"CVE-2020-2549",
"CVE-2020-2550",
"CVE-2020-2551",
"CVE-2020-2552",
"CVE-2020-6950"
);
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/12/07");
script_name(english:"Oracle WebLogic Server Multiple Vulnerabilities (Jan 2020 CPU)");
script_set_attribute(attribute:"synopsis", value:
"An application server installed on the remote host is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Oracle WebLogic Server installed on the remote host is
affected by multiple vulnerabilities:
- An unspecified vulnerability in the Third Party Tools
(Bouncy Castle Java Library) component of Oracle WebLogic
Server. An unauthenticated attacker with network access
via HTTPS could exploit this vulnerability to compromise
Oracle WebLogic Server. A successful attack of this
vulnerability can result in unauthorized ability to cause
a hang or frequently repeatable crash (complete DOS) of
Oracle WebLogic Server. (CVE-2019-1735)
- An unspecified vulnerability in the Console component of
Oracle WebLogic Server. An unauthenticated attacker with
network access via HTTP could exploit this vulnerability
to compromise Oracle WebLogic Server. A successful attack
requires human interaction from a person other than the
attacker. A successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial
of service (partial DOS) of Oracle WebLogic Server.
(CVE-2020-2519)
- An unspecified vulnerability in the Console component of
Oracle WebLogic Server. An unauthenticated attacker with
network access via HTTP could exploit this vulnerability
to compromise Oracle WebLogic Server. A successful attack
requires human interaction from a person other than the
attacker. A successful attack of this vulnerability can
result in unauthorized update, insert or delete access
to some of Oracle WebLogic Server accessible data.
(CVE-2020-2544)
- An unspecified vulnerability in the Application
Container - JavaEE component of Oracle WebLogic Server.
An unauthenticated attacker with network access via T3
could exploit this vulnerability to compromise Oracle
WebLogic Server. A successful attack of this vulnerability
can result in takeover of Oracle WebLogic Server.
(CVE-2020-2546)
- An unspecified vulnerability in the Console component of
Oracle WebLogic Server. A high privileged attacker with
network access via HTTP could exploit this vulnerability
to compromise Oracle WebLogic Server. A successful attack
requires human interaction from a person other than the
attacker and while the vulnerability is in Oracle WebLogic
Server, attacks may significantly impact additional
products. Successful attacks of this vulnerability can
result in unauthorized update, insert or delete access to
some of Oracle WebLogic Server accessible data as well as
unauthorized read access to a subset of Oracle WebLogic
Server accessible data. (CVE-2020-2547)
- An unspecified vulnerability in the WLS Core Components
of Oracle WebLogic Server. A high privileged attacker
with network access via HTTP could exploit this
vulnerability to compromise Oracle WebLogic Server.
A successful attack requires human interaction from a
person other than the attacker and while the vulnerability
is in Oracle WebLogic Server, attacks may significantly
impact additional products. Successful attacks of this
vulnerability can result in unauthorized update, insert or
delete access to some of Oracle WebLogic Server accessible
data as well as unauthorized read access to a subset of
Oracle WebLogic Server accessible data.
(CVE-2020-2548)
- An unspecified vulnerability in the WLS Core Components
of Oracle WebLogic Server. A high privileged attacker with
network access via HTTP could exploit this vulnerability to
compromise Oracle WebLogic Server. A successful attack of this
vulnerability can result in takeover of Oracle WebLogic Server.
(CVE-2020-2549)
- An unspecified vulnerability in the WLS Core Components
of Oracle WebLogic Server. A high privileged attacker with
logon to the infrastructure where Oracle WebLogic Server
executes could exploit this vulnerability to compromise
racle WebLogic Server. A successful attack of this
vulnerability can result in unauthorized access to critical
data or complete access to all Oracle WebLogic Server
accessible data.
(CVE-2020-2550)
- An unspecified vulnerability in the WLS Core Components of
Oracle WebLogic Server. An unauthenticated attacker with
network access via IIOP could exploit this vulnerability to
compromise Oracle WebLogic Server. A successful attack of this
vulnerability can result in takeover of Oracle WebLogic Server.
(CVE-2020-2551)
- An unspecified vulnerability in the WLS Core Components of
Oracle WebLogic Server. A high privileged attacker with
network access via HTTP could exploit this vulnerability
to compromise Oracle WebLogic Server. A successful attack
requires human interaction from a person other than the
attacker and while the vulnerability is in Oracle
WebLogic Server, attacks may significantly impact
additional products. A successful attack of this
vulnerability can result in unauthorized update,
insert or delete access to some of Oracle WebLogic
Server accessible data as well as unauthorized read
access to a subset of Oracle WebLogic Server accessible
data. (CVE-2020-2552)
- An unspecified vulnerability in the Web Container
(JavaServer Faces) Components of Oracle WebLogic Server.
An unauthenticated attacker with network access via
HTTP could exploit this vulnerability to compromise
Oracle WebLogic Server. A successful attack of this
vulnerability can result in unauthorized access to
critical data or complete access to all Oracle WebLogic
Server accessible data. (CVE-2020-6950)");
# https://www.oracle.com/security-alerts/cpujan2020.html#AppendixFMW
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?383db271");
# https://support.oracle.com/rs?type=doc&id=2602410.1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bed9f2cb");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2020 Oracle
Critical Patch Update advisory.
Refer to Oracle for any additional patch instructions or
mitigation options.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2551");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
script_require_keys("installed_sw/Oracle WebLogic Server");
exit(0);
}
include('audit.inc');
include('install_func.inc');
app_name = 'Oracle WebLogic Server';
os = get_kb_item_or_exit('Host/OS');
if ('windows' >< tolower(os))
{
port = get_kb_item('SMB/transport');
if (!port) port = 445;
}
else port = 0;
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
fix = NULL;
fix_ver = NULL;
if (version =~ "^12\.2\.1\.4($|[^0-9])")
{
fix_ver = '12.2.1.4.191220';
fix = make_list('30689820', '30761841');
}
else if (version =~ "^12\.2\.1\.3($|[^0-9])")
{
fix_ver = '12.2.1.3.191217';
fix = make_list('30675853');
}
else if (version =~ "^12\.1\.3\.")
{
fix_ver = '12.1.3.0.200114';
fix = make_list('30463093');
}
else if (version =~ "^10\.3\.6\.")
{
fix_ver = '10.3.6.0.200114';
fix = make_list('JWEB');
}
if (isnull(fix_ver) || ver_compare(ver:version, fix:fix_ver, strict:FALSE) >= 0)
audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, install['path']);
else
{
report =
'\n Oracle Home : ' + install['Oracle Home'] +
'\n Install path : ' + install['path'] +
'\n Version : ' + version +
'\n Fixes : ' + join(sep:', ', fix);
security_report_v4(extra:report, severity:SECURITY_HOLE, port:port);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2544
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2549
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2550
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2551
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6950
www.nessus.org/u?383db271
www.nessus.org/u?bed9f2cb
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
100.0%