Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_OATS_CPU_JAN_2024.NASL
HistoryJan 18, 2024 - 12:00 a.m.

Oracle Application Testing Suite DoS (January 2024 CPU)

2024-01-1800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
oracle application testing suite
denial of service
vulnerability
oracle enterprise manager
load testing
opencv
tcp
unauthorized access
hang
crash
cve-2023-2618
nessus scanner

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.9%

JSON

The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the January 2024 CPU advisory:

  • Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (OpenCV)). Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. (CVE-2023-2618)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(189181);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/22");

  script_cve_id("CVE-2023-2618");
  script_xref(name:"IAVA", value:"2024-A-0029");

  script_name(english:"Oracle Application Testing Suite DoS (January 2024 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a denial of service vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service 
vulnerability as referenced in the January 2024 CPU advisory:

  - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load 
    Testing for Web Apps (OpenCV)). Easily exploitable vulnerability allows unauthenticated attacker with network 
    access via TCP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can 
    result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle 
    Application Testing Suite. (CVE-2023-2618)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujan2024csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2024.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2024 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2618");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:application_testing_suite");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_application_testing_suite_installed.nbin");
  script_require_keys("installed_sw/Oracle Application Testing Suite");

  exit(0);
}

include('vcf_extras_oracle.inc');

var app_info = vcf::oracle_oats::get_app_info();

var patches_to_report;
var patches_to_check;
if (get_kb_item('SMB/Registry/Enumerated'))
{
  patches_to_report = make_list('36174295');
}
else
{
  patches_to_report = make_list('36174295', '34395275');
  patches_to_check = make_list('34395275');
}


var constraints = [
  { 'min_version' : '13.3.0.1', 'fixed_version' : '13.3.0.1.586' }
];

vcf::oracle_oats::check_version_and_report(
  app_info:app_info,
  severity:SECURITY_HOLE,
  constraints:constraints,
  patches_to_report:patches_to_report,
  patches_to_check:patches_to_check
);
VendorProductVersionCPE
oracleapplication_testing_suitecpe:/a:oracle:application_testing_suite

Related

redhatcve 1
prion 1
ubuntucve 1
osv 1
cvelist 1
veracode 1
debiancve 1
alpinelinux 1
nvd 1
cve 1
oracle 2
redhatcve
redhatcve
CVE-2023-2618
2023-06-13 17:35:45
prion
prion
Design/Logic Flaw
2023-05-10 06:15:00
ubuntucve
ubuntucve
CVE-2023-2618
2023-05-10 00:00:00
osv
osv
CVE-2023-2618
2023-05-10 06:15:17
cvelist
cvelist
CVE-2023-2618 OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak
2023-05-10 05:31:04
veracode
veracode
Denial Of Services (DoS)
2023-10-16 13:31:51
debiancve
debiancve
CVE-2023-2618
2023-05-10 06:15:17
alpinelinux
alpinelinux
CVE-2023-2618
2023-05-10 06:15:00
nvd
nvd
CVE-2023-2618
2023-05-10 06:15:17
cve
cve
CVE-2023-2618
2023-05-10 06:15:17
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.9%

JSON
Related for ORACLE_OATS_CPU_JAN_2024.NASL
redhatcve1prion1ubuntucve1osv1cvelist1veracode1debiancve1alpinelinux1nvd1cve1oracle2