Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_E-BUSINESS_CPU_JUL_2015.NASL
HistoryJul 15, 2015 - 12:00 a.m.

Oracle E-Business Multiple Vulnerabilities (July 2015 CPU)

2015-07-1500:00:00
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.68 Medium

EPSS

Percentile

98.0%

JSON

The version of Oracle E-Business installed on the remote host is missing the July 2015 Oracle Critical Patch Update (CPU). It is, therefore, affected by affected by vulnerabilities in the following components :

  • Oracle Application Object Library (CVE-2015-2618)
  • Oracle Application Object Library (CVE-2015-4739)
  • Oracle Applications DBA (CVE-2015-4743)
  • Oracle Applications Framework (CVE-2015-1926)
  • Oracle Applications Framework (CVE-2015-2610)
  • Oracle Applications Framework (CVE-2015-2615)
  • Oracle Applications Framework (CVE-2015-4741)
  • Oracle Applications Manager (CVE-2015-4765)
  • Oracle HTTP Server (CVE-2014-3571)
  • Oracle Marketing (CVE-2015-2652)
  • Oracle Sourcing (CVE-2015-4728)
  • Oracle Web Applications Desktop Integrator (CVE-2015-2645)
  • Technology stack (CVE-2015-2630)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84766);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2014-3571",
    "CVE-2015-1926",
    "CVE-2015-2610",
    "CVE-2015-2615",
    "CVE-2015-2618",
    "CVE-2015-2630",
    "CVE-2015-2645",
    "CVE-2015-2652",
    "CVE-2015-4728",
    "CVE-2015-4739",
    "CVE-2015-4741",
    "CVE-2015-4743",
    "CVE-2015-4765"
  );
  script_bugtraq_id(
    71937,
    75772,
    75782,
    75783,
    75786,
    75787,
    75788,
    75789,
    75790,
    75791,
    75792,
    75795,
    75860
  );

  script_name(english:"Oracle E-Business Multiple Vulnerabilities (July 2015 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web application installed that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle E-Business installed on the remote host is
missing the July 2015 Oracle Critical Patch Update (CPU). It is,
therefore, affected by affected by vulnerabilities in the following
components :

  - Oracle Application Object Library (CVE-2015-2618)
  - Oracle Application Object Library (CVE-2015-4739)
  - Oracle Applications DBA (CVE-2015-4743)
  - Oracle Applications Framework (CVE-2015-1926)
  - Oracle Applications Framework (CVE-2015-2610)
  - Oracle Applications Framework (CVE-2015-2615)
  - Oracle Applications Framework (CVE-2015-4741)
  - Oracle Applications Manager (CVE-2015-4765)
  - Oracle HTTP Server (CVE-2014-3571)
  - Oracle Marketing (CVE-2015-2652)
  - Oracle Sourcing (CVE-2015-4728)
  - Oracle Web Applications Desktop Integrator
    (CVE-2015-2645)
  - Technology stack (CVE-2015-2630)");
  # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d18c2a85");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2015 Oracle Critical
Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1926");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:e-business_suite");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_e-business_query_patch_info.nbin");
  script_require_keys("Oracle/E-Business/Version", "Oracle/E-Business/patches/installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("Oracle/E-Business/Version");
patches = get_kb_item_or_exit("Oracle/E-Business/patches/installed");

# Batch checks
if (patches) patches = split(patches, sep:',', keep:FALSE);
else patches = make_list();

# Check if the installed version is an affected version
affected_versions = make_array(
  '11.5.10.2' , make_list('20953336','20953337'),

  '12.0.6'    , make_list('20953339'),

  '12.1.1'    , make_list('20953340'),
  '12.1.2'    , make_list('20953340'),
  '12.1.3'    , make_list('20953340'),

  '12.2.3'    , make_list('20953338'),
  '12.2.4'    , make_list('20953338')
);

patched = FALSE;
affectedver = FALSE;

if (affected_versions[version])
{
  affectedver = TRUE;
  patchids = affected_versions[version];
  foreach required_patch (patchids)
  {
    foreach applied_patch (patches)
    {
      if(required_patch == applied_patch)
      {
        patched = applied_patch;
        break;
      }
    }
    if(patched) break;
  }
  if(!patched) patchreport = join(patchids,sep:" or ");
}

if (!patched && affectedver)
{
  if(report_verbosity > 0)
  {
    report =
      '\n  Installed version : '+version+
      '\n  Fixed version     : '+version+' Patch '+patchreport+
      '\n';
    security_warning(port:0,extra:report);
  }
  else security_warning(0);
  exit(0);
}
else if (!affectedver) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle E-Business', version);
else exit(0, 'The Oracle E-Business server ' + version + ' is not affected because patch ' + patched + ' has been applied.');
VendorProductVersionCPE
oraclee-business_suitecpe:/a:oracle:e-business_suite

Related

prion 13
cve 14
cvelist 13
nvd 14
securityvulns 7
f5 2
veracode 1
checkpoint_advisories 1
ubuntucve 1
openssl 1
nessus 39
debiancve 1
ibm 34
oraclelinux 6
fedora 1
openvas 25
debian 3
osv 2
ubuntu 1
centos 1
aix 1
redhat 1
altlinux 6
suse 1
archlinux 1
freebsd 1
cisco 1
freebsd_advisory 1
kaspersky 2
slackware 1
amazon 1
mageia 1
oracle 1
prion
prion
Design/Logic Flaw
2015-07-16 11:00:00
Design/Logic Flaw
2015-07-16 11:00:00
Design/Logic Flaw
2015-07-16 11:00:00
cve
cve
CVE-2015-4765
2015-07-16 11:00:57
CVE-2015-4739
2015-07-16 11:00:34
CVE-2015-4728
2015-07-16 11:00:25
cvelist
cvelist
CVE-2015-4765
2015-07-16 10:00:00
CVE-2015-4739
2015-07-16 10:00:00
CVE-2015-4741
2015-07-16 10:00:00
nvd
nvd
CVE-2015-4728
2015-07-16 11:00:25
CVE-2015-4739
2015-07-16 11:00:34
CVE-2015-4765
2015-07-16 11:00:57
securityvulns
securityvulns
Oracle E-Business Suite Servlet URL Redirection Vulnerability
2015-07-20 00:00:00
[USN-2459-1] OpenSSL vulnerabilities
2015-01-13 00:00:00
OpenSSL multiple security vulnerabilities
2015-01-13 00:00:00
f5
f5
SOL16123 - OpenSSL vulnerability CVE-2014-3571
2015-02-11 00:00:00
K16123 : OpenSSL vulnerability CVE-2014-3571
2015-09-18 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2017-02-06 06:41:02
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS dtls1_get_record Segmentation Fault Denial of Service (CVE-2014-3571)
2015-01-14 00:00:00
ubuntucve
ubuntucve
CVE-2014-3571
2015-01-08 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3571
2015-01-05 00:00:00
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (SOL16123)
2015-02-12 00:00:00
Oracle WebCenter Portal Multiple Vulnerabilities (July 2015 CPU)
2015-07-22 00:00:00
Fedora 21 : openssl-1.0.1k-1.fc21 (2015-0512)
2015-01-13 00:00:00
debiancve
debiancve
CVE-2014-3571
2015-01-09 02:59:01
ibm
ibm
Security Bulletin: Vulnerability with Java Portlet Specification JSR 286 may affect WebSphere Application Server (CVE-2015-1926)
2018-06-15 07:03:23
Security Bulletin: Vulnerabilities in OpenSSL affect System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275)
2019-01-31 01:55:01
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0206)
2018-06-17 14:56:42
oraclelinux
oraclelinux
openssl security update
2015-12-14 00:00:00
openssl security update
2016-05-31 00:00:00
openssl security update
2015-02-26 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21
2015-01-13 00:02:20
openvas
openvas
Fedora Update for openssl FEDORA-2015-0512
2015-01-14 00:00:00
Oracle: Security Advisory (ELSA-2015-2616)
2015-12-15 00:00:00
Debian: Security Advisory (DLA-132-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 132-1] openssl security update
2015-01-11 13:16:32
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
osv
osv
openssl - security update
2015-01-11 00:00:00
openssl - security update
2015-01-11 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-01-12 00:00:00
centos
centos
openssl security update
2015-01-20 21:00:39
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-02-04 06:24:41
redhat
redhat
(RHSA-2015:0066) Moderate: openssl security update
2015-01-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt0.M70P.1
2015-01-12 00:00:00
suse
suse
Security update for openssl (important)
2015-01-23 20:05:13
archlinux
archlinux
openssl: multiple issues
2015-01-09 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2015-01-08 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2015-03-10 16:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:01.openssl
2015-01-14 00:00:00
kaspersky
kaspersky
KLA10460 Multiple vulnerabilities in OpenSSL
2015-01-08 00:00:00
KLA10630 Multiple vulnerabilities in Oracle VM VirtualBox
2015-07-14 00:00:00
slackware
slackware
[slackware-security] openssl
2015-01-09 18:34:39
amazon
amazon
Medium: openssl
2015-01-11 12:36:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-01-11 22:54:28
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.68 Medium

EPSS

Percentile

98.0%

JSON
Related for ORACLE_E-BUSINESS_CPU_JUL_2015.NASL
prion13cve14cvelist13nvd14securityvulns7f52veracode1checkpoint_advisories1ubuntucve1openssl1nessus39debiancve1ibm34oraclelinux6fedora1openvas25debian3osv2ubuntu1centos1aix1redhat1altlinux6suse1archlinux1freebsd1cisco1freebsd_advisory1kaspersky2slackware1amazon1mageia1oracle1