The version of Oracle Enterprise Manager Ops Center installed on the remote host is missing a security patch. It is, therefore, affected by a remote code execution vulnerability. Refer to the October 2017 CPU for details on this vulnerability.
#TRUSTED 2cfd38b76d84fa350208d3abd2cdfff612e34cb933cabc3550e74084970c14ba8eeb461cd858cd2da37205b7f5962979a508776f8800d4cd9d6310d27113504133b1632f60a40813c412a50dedc5630ac7cd810fa4e36341af7226632b8ed63abada47b661fc8d7e20026a20da12b53d6328f0de5cb3ab087d9c8e4d035fa7a16f2f7042ed321fc1a75f3e6c28796f1adaf442dbfb8cf01e1ad64b54af6bd3e4fd407a48afbbd03326846b51f4870ed75a024954e25e1b57d69916158745af421c38050973edb9302d2e60ff5aeeef6813738cbb1ec1753569d6f989c43ad2eaf5a9cd173342f0a5de1485453a4c81cb02880edf340e4c9245b0a6446db0c91edf13ea9ef91764d00b2620c794dc335dd19a1415130ebe9feb989276be603292cfd00ac6aa27242ae74d2d6e19ad3e803f74c4dfad3d5879a11d89f331511eef78362f10aac24fb9f1462cf86117683715fba139cdec1895807c5368a7aaa8999c18e9674a429ee9a3b3a32d1d1bbb4d4ac226dd372839b7b796e7c79edaa22f59c3e8296de688e0770125124cf90f0c941c0a63bc780bcf993d205abf77933e762746246ee518b1f87fd9e37388e84bb1043c15fac594c42b365c03d794fe35da4e5b31e696d4e6d5076f4b3b27df8a9ca74a0fa680f14898678d82e2df42f27f0a301a3224a5b62fa8dd10f6e1a8e215ddc18a72ab3d6271c4bae79301511f
#TRUST-RSA-SHA256 0219a6431e4a74df71366eefb2b03213361d172b23b780170346e4a9128188014b19e98e94b2c9f8ff924e5aaa9a81c5164b0b432e41ccbc80e3d91f9171f1b489480d5ffd5f6cbe4517c0dc511087d56a71487ef9bffd71070190c61e25edec780bf3aa3ae59a38a37b6ec414bfad163c0b4e11e73b96f161f230054da762ce025458a89577cc85e4a2eb6ca0d9635b490e1fd115d0423be15346bb03a81095961828ac9c2510b49d78f1197259d3db245670517a553610b4ad3f48af9967a9965c746588be63a3356b30d2e91988119c6622dbfe6fb404c8d300ca96ba545844a1fbdfd34673580bcb55644ddd927cab3b2a23c8c1b3402ff1d3d6f9210e04179a9375926792493aac4f604963e6ccd22b8b60a336a9e7bb8844815d1593d0f9168d37322012bc26a656dfffb785aac17abdd6c8c6653abb90980d1de19d3f60838c7577e4a604c13e7058ac5a0d6ba160af307f846f3cb3688fb2813ac651703a65df0cdd284435a2818390eeb63e9608486ad5af2b0e63b134a071f66831a58e9dd0d8942fea8bb0c3c41cefae8ef6570b98e7cbea2a18d1b1074b3be11747210daf211aa1bf26d812a0c0f6744a01cdd7f701020b649073873c8258816ee58e425ab848301f3c0b550950c3c90d553469a0fb379f8944fc2d3e84ee553e13b8fa6e8b6c0c1adde19b53ed8e07708ae4eb1d4567b5cfb9b50a81891d0bbc
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(104052);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id("CVE-2016-6814");
script_bugtraq_id(95429);
script_name(english:"Oracle Enterprise Manager Ops Center Remote Code Execution (October 2017 CPU)");
script_summary(english:"Checks the version of a library.");
script_set_attribute(attribute:"synopsis", value:
"An enterprise management application installed on the remote host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Oracle Enterprise Manager Ops Center installed on
the remote host is missing a security patch. It is, therefore,
affected by a remote code execution vulnerability. Refer to the
October 2017 CPU for details on this vulnerability.");
# http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e07fa0e");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2017 Oracle Critical
Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6814");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/15");
script_set_attribute(attribute:"patch_publication_date", value:"2017/07/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
include("audit.inc");
include("ssh_func.inc");
enable_ssh_wrappers();
patch = "26974609";
installed_cmd = "bash -c 'if [ -f /opt/sun/xvmoc/bin/satadm ]; then echo 1; else echo 0; fi'";
ret = ssh_open_connection();
if(!ret) exit(0);
buf = ssh_cmd(cmd:installed_cmd);
if("1" >!< buf)
{
ssh_close_connection();
audit(AUDIT_NOT_INST, "Oracle Enterprise Manager Ops Center");
}
lib_ver_cmd = "unzip -q -c /opt/sun/n1gc/lib/commons-fileupload.jar META-INF/MANIFEST.MF | grep Implementation-Version";
buf = ssh_cmd(cmd:lib_ver_cmd);
ssh_close_connection();
if("Implementation-Version" >!< buf) audit(AUDIT_VER_FAIL, "commons-fileupload.jar");
version = pregmatch(pattern:"Implementation-Version:\s+([0-9.]+)", string:buf);
if(isnull(version) || isnull(version[1])) audit(AUDIT_VER_FAIL, "commons-fileupload.jar");
version = version[1];
report = 'The install of Oracle Enterprise Manager Ops Center is missing the\n';
report += 'following patch :\n\n ' + patch + '\n\nThis was determined by';
report += ' the version of the commons-fileupload.jar library.\n\n';
report += ' Patched version : 1.3.2\n';
report += ' Installed version : ' + version + '\n';
if(ver_compare(ver:version, fix:"1.3.2") < 0)
security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
else
audit(AUDIT_INST_VER_NOT_VULN, "Oracle Enterprise Manager Ops Center");