Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_OATS_CPU_JAN_2020.NASL
HistoryJan 27, 2020 - 12:00 a.m.

Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)

2020-01-2700:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
46

7.9 High

AI Score

Confidence

High

JSON

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities :

  • Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder (Jython)). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. (CVE-2016-4000)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Jython). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite. (CVE-2016-4000)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Apache POI). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite and cause the process to hang or frequently repeatable crash (complete DOS). (CVE-2017-12626)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Apache POI). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite and cause the process to hang or frequently repeatable crash (complete DOS). (CVE-2017-12626)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (AntiSamy). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2017-14735)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Antisamy). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2017-14735)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Application Development Framework). An unauthenticated, remote attacker with network access via HTTP can result in takeover of Oracle Application Testing Suite. (CVE-2019-2904)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (jQuery). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2019-11358)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Apache POI). An authenticated, low priviledged remote attacker with network access to the infrastructure can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. (CVE-2019-12415)

  • An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder. An unauthenticated remote attacker with network access via HTTP can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. (CVE-2020-2673)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(133260);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/28");

  script_cve_id(
    "CVE-2016-4000",
    "CVE-2017-12626",
    "CVE-2017-14735",
    "CVE-2019-2904",
    "CVE-2019-11358",
    "CVE-2019-12415",
    "CVE-2020-2673"
  );
  script_bugtraq_id(
    102879,
    105647,
    105656,
    108023
  );
  script_xref(name:"IAVA", value:"2020-A-0150");
  script_xref(name:"IAVA", value:"2021-A-0328");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web application installed that is affected by 
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Application Testing Suite installed on the
remote host is affected by multiple vulnerabilities : 

  - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder (Jython)). 
  Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. 
  Easily exploitable vulnerability allows unauthenticated attacker with network 
  access via HTTP to compromise Oracle Application Testing Suite. Successful attacks
   of this vulnerability can result in takeover of Oracle Application Testing Suite. 
  (CVE-2016-4000)	

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Oracle Flow Builder (Jython).  An unauthenticated, remote attacker with network 
    access via HTTP to compromise Oracle Application Testing Suite. (CVE-2016-4000)

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Load Testing for Web Apps (Apache POI).  An unauthenticated, remote attacker with network 
    access via HTTP to compromise Oracle Application Testing Suite and cause the process to hang 
    or frequently repeatable crash (complete DOS). (CVE-2017-12626)

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Oracle Flow Builder (Apache POI).  An unauthenticated, remote attacker with network 
    access via HTTP to compromise Oracle Application Testing Suite and cause the process to hang 
    or frequently repeatable crash (complete DOS). (CVE-2017-12626)

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Load Testing for Web Apps (AntiSamy).  An unauthenticated, remote attacker with network 
    access via HTTP who is able to obtain human interaction can impact additional products and result in
    an unauthorized update, insert, or delete access to some accessible data as well as unauthorized
    read access to a subset of accessible data. (CVE-2017-14735)

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Oracle Flow Builder (Antisamy).  An unauthenticated, remote attacker with network 
    access via HTTP who is able to obtain human interaction can impact additional products and result in
    an unauthorized update, insert, or delete access to some accessible data as well as unauthorized
    read access to a subset of accessible data. (CVE-2017-14735)

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Load Testing for Web Apps (Application Development Framework).  An unauthenticated, remote attacker with network 
    access via HTTP can result in takeover of Oracle Application Testing Suite. (CVE-2019-2904)

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Oracle Flow Builder (jQuery).  An unauthenticated, remote attacker with network 
    access via HTTP who is able to obtain human interaction can impact additional products and result in
    an unauthorized update, insert, or delete access to some accessible data as well as unauthorized
    read access to a subset of accessible data. (CVE-2019-11358)

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Load Testing for Web Apps (Apache POI).  An authenticated, low priviledged remote attacker 
    with network access to the infrastructure can result in unauthorized access to critical data or 
   complete access to all Oracle Application Testing Suite accessible data. (CVE-2019-12415)

  - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager
    subcomponent Oracle Flow Builder.  An unauthenticated remote attacker 
    with network access via HTTP can result in unauthorized access to critical data or 
   complete access to all Oracle Application Testing Suite accessible data. (CVE-2020-2673)");
  # https://www.oracle.com/security-alerts/cpujan2020.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d22a1e87");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2020 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2904");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:application_testing_suite");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_application_testing_suite_installed.nbin");
  script_require_keys("installed_sw/Oracle Application Testing Suite");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('smb_func.inc');
include('install_func.inc');
include('oracle_rdbms_cpu_func.inc');
include('obj.inc');

app_name = 'Oracle Application Testing Suite';

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
ohome = install['Oracle Home'];
subdir = install['path'];
version = install['version'];

fix = NULL;
fix_ver = NULL;


# 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1 get checked against the same fix
if ((version =~ "^13\.[0123]\.") || version =~ "^12\.5\.0\.3")
{
  fix_ver = '13.3.0.1.365';
  fix = '30733044';
}
else 
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);

is_nix = TRUE;
if (get_kb_item('SMB/Registry/Enumerated'))
  is_nix = FALSE;

if (is_nix)
{
  second_patch = FALSE;

  # Check for 2nd patch.  
  ohomes = make_list(ohome);
  additional_patch = '30733056';
  patches = find_patches_in_ohomes(ohomes:ohomes); 
  if (!empty_or_null(patches))
  {
    
    foreach patch (keys(patches[ohome]))
    {
      if (patch == additional_patch)
      {
        second_patch = TRUE;
        break;
     }
    }
  }
}

# stay vuln until we prove we are patched...
VULN = FALSE;

# 2 Vulnerable scenario chks: 
# 1 - Windows and missing 30733044 patch - simple ver_compare
if (!is_nix && (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1))
{
  VULN=TRUE;
}
# 2 - linux and [ missing 3044 patch OR missing additional 3056 patch ]
else if (is_nix && (ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1 || !second_patch))
{
  VULN=TRUE;
}
else 
{
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
}

# if we've reached this, we are vuln  
report =
  '\n  Oracle home        : ' + ohome +
  '\n  Install path       : ' + subdir +
  '\n  Version            : ' + version + 
  '\n  Required patch(es) : ' ;

if (VULN)
    report += fix + ' \n';

if (is_nix){
  if (!second_patch)
    report += '                     : ' + additional_patch + '\n';
}

security_report_v4(extra:report, port:0, severity:SECURITY_HOLE);
VendorProductVersionCPE
oracleapplication_testing_suitecpe:/a:oracle:application_testing_suite

Related

ibm 34
veracode 5
osv 17
debiancve 5
symantec 7
cve 8
ubuntucve 5
prion 7
github 5
fedora 6
redhatcve 3
nessus 31
checkpoint_advisories 2
zdi 1
githubexploit 4
atlassian 13
openvas 20
alpinelinux 1
debian 8
typo3 1
f5 1
redhat 4
amazon 1
hackerone 1
joomla 1
drupal 1
gentoo 1
freebsd 1
cnvd 1
archlinux 1
attackerkb 1
oraclelinux 1
altlinux 1
ibm
ibm
Security Bulletin: Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626)
2020-12-21 12:38:35
Security Bulletin: Public disclosed vulnerability from Apache Poi
2018-12-04 01:50:02
Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for X-Force ID 220800 and CVE-2017-12626
2023-07-25 06:47:10
veracode
veracode
Cross-site Scripting (XSS)
2017-11-13 05:25:15
Denial Of Service (DoS)
2018-01-29 04:14:26
XML External Entity (XXE)
2019-10-24 07:13:29
osv
osv
OWASP AntiSamy Cross-site Scripting vulnerability
2018-10-18 17:22:11
CVE-2017-14735
2017-09-25 21:29:01
Denial of Service in Apache POI
2021-01-14 19:18:22
debiancve
debiancve
CVE-2017-14735
2017-09-25 21:29:00
CVE-2017-12626
2018-01-29 17:29:00
CVE-2019-12415
2019-10-23 20:15:00
symantec
symantec
OWASP AntiSamy CVE-2017-14735 Cross Site Scripting Vulnerability
2017-09-25 00:00:00
Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
2018-01-26 00:00:00
Apache POI CVE-2019-12415 XML External Entity Information Disclosure Vulnerability
2019-10-23 00:00:00
cve
cve
CVE-2017-14735
2017-09-25 21:29:00
CVE-2017-12626
2018-01-29 17:29:00
CVE-2019-12415
2019-10-23 20:15:00
ubuntucve
ubuntucve
CVE-2017-14735
2017-09-25 00:00:00
CVE-2017-12626
2018-01-29 00:00:00
CVE-2019-12415
2019-10-23 00:00:00
prion
prion
Cross site scripting
2017-09-25 21:29:00
Xxe
2019-10-23 20:15:00
Denial of service
2018-01-29 17:29:00
github
github
OWASP AntiSamy Cross-site Scripting vulnerability
2018-10-18 17:22:11
Denial of Service in Apache POI
2021-01-14 19:18:22
Improper Restriction of XML External Entity Reference in Apache POI
2022-05-24 16:59:46
fedora
fedora
[SECURITY] Fedora 28 Update: apache-poi-3.17-1.fc28
2018-04-27 04:19:01
[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30
2019-05-09 01:34:20
[SECURITY] Fedora 29 Update: drupal7-7.66-1.fc29
2019-05-09 03:18:10
redhatcve
redhatcve
CVE-2017-12626
2018-01-30 02:19:46
CVE-2019-12415
2020-02-13 11:44:58
CVE-2019-11358
2021-07-18 00:15:31
nessus
nessus
Apache POI < 3.17 Multiple DoS Vulnerabilities
2018-02-09 00:00:00
Fedora 28 : apache-poi (2018-4f2c2615b3)
2019-01-03 00:00:00
Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle JDeveloper ADF Faces Insecure Deserialization (CVE-2019-2904)
2020-04-27 00:00:00
jQuery Prototype Pollution Object Cross-Site Scripting (CVE-2019-11358)
2019-04-29 00:00:00
zdi
zdi
Oracle ADF Faces Deserialization of Untrusted Data Remote Code Execution Vulnerability
2019-12-19 00:00:00
githubexploit
githubexploit
Exploit for Prototype Pollution in Jquery
2019-07-18 19:15:33
Exploit for Prototype Pollution in Jquery
2020-12-01 09:18:58
Exploit for Prototype Pollution in Jquery
2021-03-08 11:34:11
atlassian
atlassian
Address CVE-2019-11358 in the bundled version of jQuery
2019-07-08 22:50:18
Address CVE-2019-11358 in the bundled version of jQuery
2019-07-08 22:57:45
Address CVE-2019-11358 in the bundled version of jQuery
2019-07-08 22:50:18
openvas
openvas
Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) - Windows
2019-04-24 00:00:00
Debian: Security Advisory (DSA-4434-1)
2019-04-21 00:00:00
Fedora Update for drupal7 FEDORA-2019-2a0ce0c58c
2019-05-09 00:00:00
alpinelinux
alpinelinux
CVE-2019-11358
2019-04-20 00:29:00
debian
debian
[SECURITY] [DLA 2118-1] otrs2 security update
2020-02-24 17:03:32
[SECURITY] [DLA 1777-1] jquery security update
2019-05-06 07:42:05
[SECURITY] [DSA 4434-1] drupal7 security update
2019-04-20 12:03:09
typo3
typo3
Cross-Site Scripting in jQuery before 3.4.0
2019-05-07 00:00:00
f5
f5
K20455158 : jQuery vulnerability CVE-2019-11358
2020-04-14 00:00:00
redhat
redhat
(RHSA-2020:1325) Moderate: python-XStatic-jQuery security update
2020-04-06 08:40:52
(RHSA-2020:5581) Moderate: python-XStatic-jQuery security update
2020-12-16 12:57:14
(RHSA-2019:2587) Moderate: CloudForms 4.7.9 security, bug fix and enhancement update
2019-09-05 05:18:52
amazon
amazon
Medium: pcs
2023-01-18 00:16:00
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack through jQuery $.extend
2018-12-03 15:53:20
joomla
joomla
[20190403] - Core - Object.prototype pollution in JQuery $.extend
2019-03-25 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006
2019-04-17 00:00:00
gentoo
gentoo
Jython: Arbitrary code execution
2017-10-29 00:00:00
freebsd
freebsd
Django -- AdminURLFieldWidget XSS
2019-06-03 00:00:00
cnvd
cnvd
Silverstripe framework cross-site scripting vulnerability
2022-11-23 00:00:00
archlinux
archlinux
[ASA-201906-2] python-django: cross-site scripting
2019-06-04 00:00:00
attackerkb
attackerkb
CVE-2019-11358
2019-04-20 00:00:00
oraclelinux
oraclelinux
pcs security update
2022-11-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00

7.9 High

AI Score

Confidence

High

JSON
Related for ORACLE_OATS_CPU_JAN_2020.NASL
ibm34veracode5osv17debiancve5symantec7cve8ubuntucve5prion7github5fedora6redhatcve3nessus31checkpoint_advisories2zdi1githubexploit4atlassian13openvas20alpinelinux1debian8typo31f51redhat4amazon1hackerone1joomla1drupal1gentoo1freebsd1cnvd1archlinux1attackerkb1oraclelinux1altlinux1