CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
82.3%
According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified privilege escalation vulnerability that can occur for some resources when the server is configured with more than one authorizer, such as a XACMLAuthorizer and a DefaultAuthorizer.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(17737);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2008-4009");
script_name(english:"Oracle WebLogic Multiple Authorizer Unspecified Privilege Escalation (CVE-2008-4009)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle WebLogic Server has an unspecified privilege
escalation vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported banner, the version of Oracle WebLogic
Server running on the remote host is affected by an unspecified
privilege escalation vulnerability that can occur for some resources
when the server is configured with more than one authorizer, such as a
XACMLAuthorizer and a DefaultAuthorizer.");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/2802-092727.html");
script_set_attribute(attribute:"solution", value:
"Install the install the 9.1 patch for CR334468.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/14");
script_set_attribute(attribute:"patch_publication_date", value:"2008/10/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/30");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:bea:weblogic_server");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.");
script_dependencies("weblogic_detect.nasl");
script_require_keys("www/weblogic");
script_require_ports("Services/www", 80, 7001);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:7001);
get_kb_item_or_exit("www/weblogic/" + port + "/installed");
version = get_kb_item_or_exit("www/weblogic/" + port + "/version", exit_code:1);
service_pack = get_kb_item("www/weblogic/" + port + "/service_pack");
if (isnull(service_pack)) version_ui = version;
else version_ui = version + ' ' + service_pack;
fix = '';
if (version == "9.1" && isnull(service_pack))
{
fix = '9.1 with CR334468';
}
else exit(0, "The Oracle WebLogic "+version_ui+" install listening on port "+port+" is not affected.");
cr_patch = "CR334468";
if (get_kb_item("www/weblogic/" + port + "/cr_patches/" + cr_patch))
exit(0, "The Oracle WebLogic "+version_ui+" install listening on port "+port+" is not affected since it has the patch for "+cr_patch+".");
if (report_verbosity > 0)
{
source = get_kb_item_or_exit("www/weblogic/" + port + "/source", exit_code:1);
report =
'\n Source : ' + source +
'\n Installed version : ' + version_ui +
'\n Fixed version : ' + fix +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port);