Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.ORACLE_HTTP_SERVER_CPU_JUL_2012.NASL
HistoryOct 08, 2014 - 12:00 a.m.

Oracle Fusion Middleware HTTP Server (July 2012 CPU)

2014-10-0800:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
16

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.5%

JSON

According to its banner, the version of Oracle Fusion Middleware HTTP Server installed on the remote host is affected by an unspecified flaw in the User Administration Pages of the Enterprise Manager for Fusion Middleware component. A remote attacker can exploit this to impact the host’s integrity or gain unauthorized access to information.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(78085);
  script_version("1.3");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  script_cve_id("CVE-2012-1741");
  script_bugtraq_id(54492);

  script_name(english:"Oracle Fusion Middleware HTTP Server (July 2012 CPU)");
  script_summary(english:"Checks the version of the Oracle Fusion Middleware HTTP Server.");

  script_set_attribute(attribute:"synopsis", value:"The remote web server is affected by an unspecified vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Oracle Fusion Middleware HTTP
Server installed on the remote host is affected by an unspecified flaw
in the User Administration Pages of the Enterprise Manager for Fusion
Middleware component. A remote attacker can exploit this to impact the
host's integrity or gain unauthorized access to information.");
  # https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?07dc310c");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2012 Oracle Critical
Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:http_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("oracle_http_server_version.nasl");
  script_require_keys("www/oracle");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http.inc");
include("misc_func.inc");

port = get_http_port(default:80);

# Make sure this is Oracle.
get_kb_item_or_exit("www/"+port+"/oracle");

# Get version information from the KB.
version = get_kb_item_or_exit("www/oracle/"+port+"/version", exit_code:1);
source = get_kb_item_or_exit("www/oracle/"+port+"/source", exit_code:1);

# Check if the remote server is affected. There is a patch in the CPU
# for this version. No other versions can be patched by this CPU.
if (version != "10.1.3.5.0") audit(AUDIT_LISTEN_NOT_VULN, "Oracle Application Server", port, version);

if (report_verbosity > 0)
{
  report =
    '\n  Version source    : ' + source +
    '\n  Installed version : ' + version +
    '\n';
  security_warning(port:port, extra:report);
}
else security_warning(port);
VendorProductVersionCPE
oraclehttp_servercpe:/a:oracle:http_server
oraclefusion_middlewarecpe:/a:oracle:fusion_middleware

Related

nvd 1
cve 1
prion 1
cvelist 1
securityvulns 1
oracle 1
nvd
nvd
CVE-2012-1741
2012-07-17 22:55:01
cve
cve
CVE-2012-1741
2012-07-17 22:55:01
prion
prion
Design/Logic Flaw
2012-07-17 22:55:00
cvelist
cvelist
CVE-2012-1741
2012-07-17 22:00:00
securityvulns
securityvulns
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
2012-10-28 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.5%

JSON
Related for ORACLE_HTTP_SERVER_CPU_JUL_2012.NASL
nvd1cve1prion1cvelist1securityvulns1oracle1