Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2022 Tenable Network Security, Inc.SOLARIS9_X86_124673.NASL
HistoryOct 17, 2007 - 12:00 a.m.

Solaris 9 (x86) : 124673-20

2007-10-1700:00:00
This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.
www.tenable.com
24

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.129 Low

EPSS

Percentile

95.5%

JSON

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27099);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/26");

  script_cve_id("CVE-2009-0278", "CVE-2009-2625", "CVE-2011-5035");
  script_xref(name:"IAVT", value:"2009-T-0009-S");

  script_name(english:"Solaris 9 (x86) : 124673-20");
  script_summary(english:"Check for patch 124673-20");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote host is missing Sun Security Patch number 124673-20"
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion
Middleware (subcomponent: Web Container). Supported versions that are
affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily
exploitable vulnerability allows successful unauthenticated network
attacks via HTTP. Successful attack of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle WebLogic Server."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/124673-20"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"You should install this patch for your system to be up-to-date."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cwe_id(200, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWasuee", version:"8.2,REV=2007.01.17.13.51") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWasacee", version:"8.2,REV=2007.01.17.13.51") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWascml", version:"8.2,REV=2007.01.17.13.51") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWasu", version:"8.2,REV=2007.01.17.13.35") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWasdem", version:"8.2,REV=2007.01.17.13.35") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWashdm", version:"8.2,REV=2007.01.17.13.51") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWaswbcr", version:"8.2,REV=2007.01.17.13.51") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWasut", version:"8.2,REV=2007.01.17.13.35") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWasman", version:"8.2,REV=2007.01.17.13.35") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWascmnse", version:"8.2,REV=2007.01.17.13.51") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWaslb", version:"8.2,REV=2007.01.17.13.51") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWascmn", version:"8.2,REV=2007.01.17.13.35") < 0) flag++;
if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"124673-20", obsoleted_by:"", package:"SUNWasac", version:"8.2,REV=2007.01.17.13.35") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());
  else security_warning(0);
  exit(0);
}
audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
sunsolariscpe:/o:sun:solaris

Related

nessus 68
seebug 3
cvelist 5
prion 5
openvas 81
veracode 2
nvd 5
cve 4
ubuntucve 3
debiancve 4
cisa 1
debian 2
centos 1
osv 1
redhat 4
oraclelinux 2
github 1
ubuntu 4
ibm 2
f5 1
nessus
nessus
Solaris 10 (sparc) : 124672-20
2018-03-12 00:00:00
Solaris 10 (sparc) : 124672-20 (deprecated)
2007-10-17 00:00:00
Solaris 10 (x86) : 124673-20
2018-03-12 00:00:00
seebug
seebug
Sun Java系统应用服务器远程信息泄露漏洞
2009-02-02 00:00:00
Sun Java运行时环境XML解析拒绝服务漏洞
2009-08-09 00:00:00
mozilla-thunderbird多个安全漏洞
2009-10-10 00:00:00
cvelist
cvelist
CVE-2009-0278
2009-01-27 02:00:00
CVE-2011-5035
2011-12-30 01:00:00
CVE-2009-2625
2009-08-06 15:00:00
prion
prion
Buffer overflow
2011-12-30 01:55:00
Design/Logic Flaw
2009-01-27 02:30:00
Input validation
2009-08-06 15:30:00
openvas
openvas
Oracle GlassFish Server Hash Collision Denial of Service Vulnerability
2012-01-05 00:00:00
Sun Java System Application Server Information Disclosure vulnerability
2009-02-06 00:00:00
Sun Java System Application Server Information Disclosure vulnerability
2009-02-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2017-03-23 05:36:32
Denial Of Service (DoS)
2017-03-13 03:37:04
nvd
nvd
CVE-2009-0278
2009-01-27 02:30:04
CVE-2011-5035
2011-12-30 01:55:01
CVE-2009-2625
2009-08-06 15:30:00
cve
cve
CVE-2009-0278
2009-01-27 02:30:04
CVE-2011-5035
2011-12-30 01:55:01
CVE-2009-2625
2009-08-06 15:30:00
ubuntucve
ubuntucve
CVE-2011-5035
2011-12-29 00:00:00
CVE-2009-2625
2009-08-06 00:00:00
CVE-2009-3720
2009-11-03 00:00:00
debiancve
debiancve
CVE-2011-5035
2011-12-30 01:55:00
CVE-2009-2625
2009-08-06 15:30:00
CVE-2009-3720
2009-11-03 16:30:12
cisa
cisa
Apple Update for Java for OS X Lion and Mac OS X
2012-04-04 00:00:00
debian
debian
[SECURITY] [DSA 1921-1] New expat packages fix denial of service
2009-10-28 09:39:18
[SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service
2010-01-30 17:52:35
centos
centos
xerces security update
2009-12-17 12:40:02
osv
osv
Denial of service in Apache Xerces2
2020-06-15 18:51:30
redhat
redhat
(RHSA-2011:0858) Moderate: xerces-j2 security update
2011-06-08 00:00:00
(RHSA-2012:1537) Moderate: jasperreports-server-pro security and bug fix update
2012-12-04 00:00:00
(RHSA-2009:1615) Moderate: xerces-j2 security update
2009-11-30 00:00:00
oraclelinux
oraclelinux
xerces-j2 security update
2009-11-30 00:00:00
xerces-j2 security update
2011-06-08 00:00:00
github
github
Denial of service in Apache Xerces2
2020-06-15 18:51:30
ubuntu
ubuntu
XML-RPC for C and C++ vulnerabilities
2010-02-18 00:00:00
CMake vulnerabilities
2010-04-15 00:00:00
Python 2.5 vulnerabilities
2010-01-21 00:00:00
ibm
ibm
Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Xerces2
2021-04-16 07:16:00
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
2024-04-12 17:33:16
f5
f5
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.129 Low

EPSS

Percentile

95.5%

JSON
Related for SOLARIS9_X86_124673.NASL
nessus68seebug3cvelist5prion5openvas81veracode2nvd5cve4ubuntucve3debiancve4cisa1debian2centos1osv1redhat4oraclelinux2github1ubuntu4ibm2f51