Lucene search
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2019.NASLHistoryJan 18, 2019 - 12:00 a.m.
Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU)
2019-01-1800:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
55
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.6 or 17.x prior to 17.12.9.2 or 18.x prior to 18.8.4.1. It is, therefore, affected by multiple vulnerabilities:
-
An arbitrary file upload vulnerability exists in Blueimp jQuery-File-Upload. An unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote host subject to the privileges of the user.
-
A remote command execution vulnerability exists in jackson-databind due to a failure to block various classes from polymorphic deserialization. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2018-14718, CVE-2018-14719 CVE-2018-14720, CVE-2018-14721)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(121251);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/24");
script_cve_id(
"CVE-2018-9206",
"CVE-2018-14718",
"CVE-2018-14719",
"CVE-2018-14720",
"CVE-2018-14721"
);
script_name(english:"Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU)");
script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Oracle Primavera
Unifier installation running on the remote web server is 16.x prior to
16.2.15.6 or 17.x prior to 17.12.9.2 or 18.x prior to 18.8.4.1. It is,
therefore, affected by multiple vulnerabilities:
- An arbitrary file upload vulnerability exists in Blueimp
jQuery-File-Upload. An unauthenticated, remote attacker
can exploit this to upload arbitrary files on the remote
host subject to the privileges of the user.
- A remote command execution vulnerability exists in
jackson-databind due to a failure to block various
classes from polymorphic deserialization. An
unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2018-14718, CVE-2018-14719
CVE-2018-14720, CVE-2018-14721)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
# https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?799b2d05");
script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle Primavera Unifier version 16.2.15.6 / 17.12.9.2 / 18.8.4.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9206");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-14721");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"d2_elliot_name", value:"jQuery File Upload");
script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'blueimps jQuery (Arbitrary) File Upload');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/11");
script_set_attribute(attribute:"patch_publication_date", value:"2019/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:primavera_unifier");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_primavera_unifier.nbin");
script_require_keys("installed_sw/Oracle Primavera Unifier", "www/weblogic");
script_require_ports("Services/www", 8002);
exit(0);
}
include("http.inc");
include("vcf.inc");
get_install_count(app_name:"Oracle Primavera Unifier", exit_if_zero:TRUE);
port = get_http_port(default:8002);
get_kb_item_or_exit("www/weblogic/" + port + "/installed");
app_info = vcf::get_app_info(app:"Oracle Primavera Unifier", port:port);
vcf::check_granularity(app_info:app_info, sig_segments:3);
constraints = [
{ "min_version" : "16.1.0.0", "fixed_version" : "16.2.15.6" },
{ "min_version" : "17.1.0.0", "fixed_version" : "17.12.9.2" },
{ "min_version" : "18.8.0.0", "fixed_version" : "18.8.4.1" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | primavera_unifier | cpe:/a:oracle:primavera_unifier |
Related
ibm
ibm
nessus
nessus
FreeBSD : payara -- multiple vulnerabilities (71c71ce0-0805-11eb-a3a4-0019dbb15b3f)
2020-10-09 00:00:00
Debian DLA-1703-1 : jackson-databind security update
2019-03-05 00:00:00
freebsd
freebsd
payara -- multiple vulnerabilities
2019-02-01 00:00:00
redhat
redhat
debian
debian
[SECURITY] [DLA 1703-1] jackson-databind security update
2019-03-04 12:13:19
[SECURITY] [DSA 4452-1] jackson-databind security update
2019-05-24 21:04:55
osv
osv
jackson-databind - security update
2019-03-04 00:00:00
jackson-databind - security update
2019-05-24 00:00:00
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
2018-10-22 18:53:56
openvas
openvas
Debian: Security Advisory (DLA-1703-1)
2019-03-03 00:00:00
Fedora Update for jackson-module-jsonSchema FEDORA-2019-df57551f6d
2019-05-07 00:00:00
Fedora Update for jackson-core FEDORA-2019-df57551f6d
2019-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: jackson-dataformats-text-2.9.8-1.fc29
2019-02-19 14:03:52
[SECURITY] Fedora 29 Update: jackson-core-2.9.8-1.fc29
2019-02-19 14:03:52
[SECURITY] Fedora 29 Update: jackson-bom-2.9.8-1.fc29
2019-02-19 14:03:52
packetstorm
packetstorm
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
2019-01-17 00:00:00
blueimp jQuery Arbitrary File Upload
2018-11-05 00:00:00
github
github
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
2018-10-22 18:53:56
Arbitrary Code Execution in jackson-databind
2019-01-04 19:06:55
XML External Entity Reference (XXE) in jackson-databind
2019-01-04 19:09:46
checkpoint_advisories
checkpoint_advisories
Blueimp jQuery File Upload Remote Code Execution (CVE-2018-9206)
2018-11-01 00:00:00
prion
prion
Design/Logic Flaw
2018-10-11 15:29:00
Deserialization of untrusted data
2019-01-02 18:29:00
Deserialization of untrusted data
2019-01-02 18:29:00
wpexploit
wpexploit
Tajer - Unauthenticated Arbitrary File Upload
2018-10-15 00:00:00
Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload
2020-04-02 00:00:00
dsquare
dsquare
jQuery File Upload
2018-10-18 00:00:00
zdt
zdt
blueimp jQuery Arbitrary File Upload Exploit
2018-11-05 00:00:00
veracode
veracode
Arbitrary File Upload
2018-10-12 02:43:31
Remote Code Execution (RCE)
2019-01-03 02:29:19
Deserialisation Of Untrusted Data
2018-12-28 07:34:07
metasploit
metasploit
blueimp's jQuery (Arbitrary) File Upload
2018-10-23 04:35:42
kitploit
kitploit
wpvulndb
wpvulndb
Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload
2020-04-02 00:00:00
Tajer - Unauthenticated Arbitrary File Upload
2018-10-15 00:00:00
threatpost
threatpost
Thousands of Applications Vulnerable to RCE via jQuery File Upload
2018-10-23 12:31:06
patchstack
patchstack
exploitpack
exploitpack
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-16 00:00:00
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
2018-10-11 00:00:00
ubuntucve
ubuntucve
canvas
canvas
Immunity Canvas: JQUERY_FILE_UPLOAD
2018-10-11 15:29:00
cve
cve
debiancve
debiancve
atlassian
atlassian
redhatcve
redhatcve
exploitdb
exploitdb
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-16 00:00:00
blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
2018-11-06 00:00:00
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
2018-10-11 00:00:00
impervablog
impervablog
CrimeOps of the KashmirBlack Botnet – Part II
2020-10-22 18:55:05
ubuntu
ubuntu
Jackson Databind vulnerabilities
2021-03-15 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
Related for ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2019.NASL