CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
96.8%
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:
- An unspecified vulnerability in the jquery component of the Web Services of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, insert, or delete access to some of Oracle WebLogic Server accessible data. (CVE-2015-9251)
- An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An unauthenticated, remote attacker unauthorized can exploit this to gain read access to some of Oracle WebLogic Server accessible data. (CVE-2019-2887)
- An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized read access to some of Oracle WebLogic Server accessible data. (CVE-2019-2888)
- An unspecified vulnerability in the Web Services component of Oracle Weblogic Server. An authenticated, high priviledge remote attacker can exploit this to compromise Oracle WebLogic Server. (CVE-2019-2890)
- An unspecified vulnerability in the console component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle WebLogic Server. (CVE-2019-2891)
- An unspecified vulnerability in the SOAP with Attachments API for Java component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, insert, or delete access to some of Oracle Web Services accessible data as well as unauthorized read access to a subset of Oracle Web Services accessible data. (CVE-2019-2907)
- An unspecified vulnerability in the ADF Faces jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle JDeveloper and ADF resulting in an unauthorized update, insert, or delete access to some of OracleJDeveloper & ADF accessible data as well as unauthorized read access to a subset of Oracle JDeveloper & ADF accessible data. (CVE-2019-11358)
- An unspecified vulnerability in the Web Container jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle Service Bus resulting in an unauthorized update, insert, or delete access to some of Service Bus data as well as unauthorized read access to a subset of Oracle Service Bus accessible data. (CVE-2019-11358)
- An unspecified vulnerability in the console jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle WebLogic Server resulting in an unauthorized update, insert, or delete access to some of Oracle WebLogic Server data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2019-11358)
- An unspecified vulnerability in the Web Container Faces jQuery component of Oracle Weblogic Server. An unauthenticated, remote attacker can exploit this to compromise Oracle Service Bus resulting in an unauthorized update, insert, or delete access to some of Oracle WebLogic Server data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. (CVE-2019-17091)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(130012);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/17");
script_cve_id(
"CVE-2015-9251",
"CVE-2019-2887",
"CVE-2019-2888",
"CVE-2019-2889",
"CVE-2019-2890",
"CVE-2019-2891",
"CVE-2019-2907",
"CVE-2019-11358",
"CVE-2019-17091"
);
script_bugtraq_id(105658, 108023);
script_xref(name:"IAVA", value:"2019-A-0382");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"Oracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)");
script_set_attribute(attribute:"synopsis", value:
"An application server installed on the remote host is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Oracle WebLogic Server installed on the remote host is
affected by multiple vulnerabilities:
- An unspecified vulnerability in the jquery component of the
Web Services of Oracle Weblogic Server. An unauthenticated,
remote attacker can exploit this to gain unauthorized update,
insert, or delete access to some of Oracle WebLogic Server
accessible data. (CVE-2015-9251)
- An unspecified vulnerability in the Web Services component of
Oracle Weblogic Server. An unauthenticated, remote attacker
unauthorized can exploit this to gain read access to some of
Oracle WebLogic Server accessible data. (CVE-2019-2887)
- An unspecified vulnerability in the Web Services component of
Oracle Weblogic Server. An unauthenticated, remote attacker
can exploit this to gain unauthorized read access to some of
Oracle WebLogic Server accessible data. (CVE-2019-2888)
- An unspecified vulnerability in the Web Services component of
Oracle Weblogic Server. An authenticated, high priviledge
remote attacker can exploit this to compromise
Oracle WebLogic Server. (CVE-2019-2890)
- An unspecified vulnerability in the console component of
Oracle Weblogic Server. An unauthenticated, remote attacker
can exploit this to compromise Oracle WebLogic Server.
(CVE-2019-2891)
- An unspecified vulnerability in the SOAP with Attachments API
for Java component of Oracle Weblogic Server. An
unauthenticated, remote attacker can exploit this to gain
unauthorized update, insert, or delete access to some of
Oracle Web Services accessible data as well as unauthorized
read access to a subset of Oracle Web Services accessible
data. (CVE-2019-2907)
- An unspecified vulnerability in the ADF Faces jQuery component
of Oracle Weblogic Server. An unauthenticated, remote
attacker can exploit this to compromise Oracle
JDeveloper and ADF resulting in an unauthorized update,
insert, or delete access to some of OracleJDeveloper & ADF
accessible data as well as unauthorized read access to a
subset of Oracle JDeveloper & ADF accessible data.
(CVE-2019-11358)
- An unspecified vulnerability in the Web Container jQuery
component of Oracle Weblogic Server. An unauthenticated,
remote attacker can exploit this to compromise
Oracle Service Bus resulting in an unauthorized update,
insert, or delete access to some of Service Bus data as well
as unauthorized read access to a subset of Oracle Service Bus
accessible data. (CVE-2019-11358)
- An unspecified vulnerability in the console jQuery component
of Oracle Weblogic Server. An unauthenticated, remote
attacker can exploit this to compromise Oracle
WebLogic Server resulting in an unauthorized update, insert,
or delete access to some of Oracle WebLogic Server data as
well as unauthorized read access to a subset of Oracle
WebLogic Server accessible data. (CVE-2019-11358)
- An unspecified vulnerability in the Web Container Faces jQuery
component of Oracle Weblogic Server. An unauthenticated,
remote attacker can exploit this to compromise
Oracle Service Bus resulting in an unauthorized update,
insert, or delete access to some of Oracle WebLogic Server
data as well as unauthorized read access to a subset of Oracle
WebLogic Server accessible data. (CVE-2019-17091)");
# https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b370bc74");
# https://www.oracle.com/technetwork/security-advisory/cpuoct2019verbose-5072833.html#FMW
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3d73bb23");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2019 Oracle
Critical Patch Update advisory.
Refer to Oracle for any additional patch instructions or
mitigation options.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2891");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/15");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
script_require_ports("installed_sw/Oracle WebLogic Server", "installed_sw/JDeveloper's Integrated WebLogic Server");
exit(0);
}
include('install_func.inc');
include('spad_log_func.inc');
var app_name = "Oracle WebLogic Server";
var install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
var ohome = install["Oracle Home"];
var subdir = install["path"];
var version = install["version"];
var id, port;
var fix = NULL;
var fix_ver = NULL;
spad_log(message:"checking version [" + version + "]");
# individual security patches
if (version =~ "^12\.2\.1\.3($|[^0-9])")
{
fix_ver = "12.2.1.3.191015";
fix = make_list("30386660");
}
else if (version =~ "^12\.1\.3\.")
{
fix_ver = "12.1.3.0.191015";
fix = make_list("30108725");
}
else if (version =~ "^10\.3\.6\.")
{
fix_ver = "10.3.6.0.191015";
fix = make_list("3L3H"); # patchid is obtained from the readme and 10.3.6.x assets are different
}
else
audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
spad_log(message:"checking fix [" + obj_rep(fix) + "]");
var PATCHED=FALSE;
# Iterate over the list of patches and check the install for the patchID
foreach id (fix)
{
spad_log(message:"Checking fix id: [" + id +"]");
if (install[id])
{
PATCHED=TRUE;
break;
}
}
var VULN=FALSE;
if (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)
VULN=TRUE;
if (PATCHED || !VULN)
audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
var os = get_kb_item_or_exit("Host/OS");
if ('windows' >< tolower(os))
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
}
else port = 0;
var report =
'\n Oracle Home : ' + ohome +
'\n Install path : ' + subdir +
'\n Version : ' + version +
'\n Fixes : ' + join(sep:", ", fix);
security_report_v4(extra:report, severity:SECURITY_WARNING, port:port);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2888
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2889
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2890
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2907
www.nessus.org/u?3d73bb23
www.nessus.org/u?b370bc74
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
96.8%