nessus | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. | HP_OPERATIONS_MANAGER_FOR_WIN_CVE-2016-1985_LOCAL.NASL
HistoryFeb 03, 2016 - 12:00 a.m.

HP Operations Manager for Windows 8.x and 9.0 Java Object Deserialization RCE

2016-02-03 00:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

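The version of HP Operations Manager installed on the remote host has the Sam Admin Adapter installed. This package is no longer supported by HP and is affected by a remote code execution vulnerability due to unsafe deserialization calls on unauthenticated Java objects involving the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this by sending a crafted SOAP request to execute arbitrary code on the target host. The plugin below is a local check: it reports the finding when the adapter's uninstall entry and a commons-collections JAR under the product's web application library directory are both present, and it does not test the SOAP endpoint itself.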

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration block. When the script is loaded with `description`
# set, it records the metadata below and leaves through the exit(0) at the
# end of the block, so none of the checks further down run in this mode.
if (description)
{
  script_id(88562);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/20");

  # Identifiers and vendor/CERT advisory cross-references for the issue.
  script_cve_id("CVE-2016-1985");
  script_bugtraq_id(82259);
  script_xref(name:"CERT", value:"576313");
  script_xref(name:"IAVB", value:"2016-B-0020");
  script_xref(name:"HP", value:"HPSBGN03542");
  script_xref(name:"HP", value:"PSRT102960");
  script_xref(name:"HP", value:"emr_na-c04953244");

  script_name(english:"HP Operations Manager for Windows 8.x and 9.0 Java Object Deserialization RCE");
  script_summary(english:"Checks if the affected package is installed.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of HP Operations Manager installed on the remote host has
the Sam Admin Adapter installed. This package is no longer supported
by HP and is affected by a remote code execution vulnerability due to
unsafe deserialize calls of unauthenticated Java objects to the Apache
Commons Collections (ACC) library. An unauthenticated, remote attacker
can exploit this, by sending a crafted SOAP request, to execute
arbitrary code on the target host.");
  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04953244
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6c53c19");
  # The remediation is removal of the package, not a patch: the description
  # above states the adapter is no longer supported by HP.
  script_set_attribute(attribute:"solution", value:
"Remove the Sam Admin Adapter package since it is unsupported.");
  # Both CVSS vectors describe a network-reachable issue that needs no
  # authentication or privileges (AV:N with Au:N / PR:N) and has complete or
  # high impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1985");

  # Exploit metadata as recorded by the plugin author.
  # NOTE(review): these values are no newer than the script_cvs_date above;
  # re-check them before relying on them for prioritisation.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/03");

  # "local" plugin type: the check part of this script reads the Uninstall
  # registry data from the KB and lists a directory on the target, rather
  # than sending anything to the product's SOAP service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:operations_manager");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the install-detection plugin named here, the installed_sw
  # KB key for the product, and SMB ports 139/445.
  # NOTE(review): presumably the dependency is what records the required
  # installed_sw key - confirm against that plugin.
  script_dependencies("hp_operations_manager_for_win_installed.nbin");
  script_require_keys("installed_sw/HP Operations Manager for Windows");
  script_require_ports(139, 445);

  # End of description mode; nothing below this block runs in it.
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");
include("smb_hotfixes_fcheck.inc");
include("install_func.inc");

# Product name used for the install lookup and in every audit/report message.
global_var appname;
appname = "HP Operations Manager for Windows";

# Fetch the single recorded install of the product and pull out the two
# fields the rest of the script uses.
# NOTE(review): exit_if_unknown_ver:TRUE presumably ends the plugin when no
# version was recorded - confirm against install_func.inc.
install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);
path    = install['path'];
version = install['version'];

# Only versions starting with "8." or "9.0" are in scope; anything else is
# audited as not affected before any registry or file check is made.
if (!(version =~ "^8\." || version =~ "^9\.0"))
  audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

# First indicator: is the Sam Admin Adapter listed among the installed
# programs?  The KB list holds the DisplayName values collected from the
# HKLM ...\CurrentVersion\Uninstall\* registry keys; each one is tested for
# the adapter's product name as a substring.
# NOTE(review): if no DisplayName matches, the plugin audits out here and
# the jar check below never runs, so an adapter whose uninstall entry is
# missing would not be reported.
names  = get_kb_list_or_exit('SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName');
hassam = FALSE;
foreach display_name (names)
{
  if ('HP OM SiteScope Sam Admin Adapter' >!< display_name)
    continue;

  # Found it: extend the product name so later messages mention the adapter,
  # then stop looking.
  appname = appname + " with the Sam Admin Adapter";
  hassam  = TRUE;
  break;
}

# No matching uninstall entry: report "not installed" for the
# product-plus-adapter combination.
if (!hassam)
  audit(AUDIT_NOT_INST, appname+" with the Sam Admin Adapter");

# Second indicator: a commons-collections jar in the web application's
# WEB-INF\lib directory under the install path.
# The path fragment is a double-quoted NASL string, which is taken
# literally, so "\n", "\t" and "\b" below are a backslash followed by a
# letter and not escape sequences.
# NOTE(review): file_pat matches any commons-collections*.jar regardless of
# its version, so the presence of the jar is the indicator; the library
# version is not checked.
hotfix_check_fversion_init();
libdir  = hotfix_append_path(path:path, value:"\nonOV\tomcat\b\www\webapps\topaz\WEB-INF\lib");
share   = hotfix_path2share(path:libdir);
# Directory path with the leading "X:" drive prefix removed, for use
# together with the share name.
basedir = ereg_replace(string:libdir, pattern:"^\w:(.*)", replace:"\1");
jars    = list_dir(basedir:basedir, level:1, file_pat:"commons-collections.*\.jar", share:share);
hotfix_check_fversion_end();

# ccpath ends up either FALSE (no jar found) or a pre-formatted, indented
# list of the jars found, one per line, for the report.
if (empty_or_null(jars))
  ccpath = FALSE;
else
{
  ccpath = "";
  # Rewrite a leading "X$" in the share name to "X:" so the reported paths
  # read as ordinary drive paths.
  share = ereg_replace(string:share, pattern:"^(\w)\$", replace:"\1:");
  foreach jar (jars)
    ccpath = ccpath + "      - " + share + jar + '\n';
}

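# Final verdict.  The host is reported only when both indicators hold: the
# adapter's uninstall entry was found (hassam) and at least one
# commons-collections jar was listed (ccpath).  Otherwise the install is
# audited as not affected.
# NOTE(review): this is a presence-based finding; nothing here exercises the
# SOAP service or inspects the jar's version.
if (ccpath && hassam)
{
  port = kb_smb_transport();
  if (report_verbosity > 0)
  {
    # Assign rather than append: `report` is not set anywhere earlier in this
    # script, so starting from a defined value keeps the output free of
    # anything an include might have left in a variable of the same name.
    report =
      '\n'+
      '  Problem       : The remote system has '+appname+'\n'+
      '  Install path  : '+path+'\n'+
      '  Solution      : Remove the Sam Admin Adapter package. It is not supported\n'+
      '                  and will not be patched by HP.\n'+
      '  Affected JARs : \n'+ccpath+'\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);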
Vendor | Product | Version | CPE
hp | operations_manager | | cpe:/a:hp:operations_manager