Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_JUL_2020.NASL
HistoryJul 16, 2020 - 12:00 a.m.

Oracle Database Server Multiple Vulnerabilities (Jul 2020 CPU)

2020-07-1600:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
157

8.5 High

AI Score

Confidence

Low

JSON

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.

  • Vulnerability in the MapViewer (Apache Commons FileUpload) component of Oracle Database Server.
    Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise MapViewer (Apache Commons FileUpload). Successful attacks of this vulnerability can result in takeover of MapViewer (Apache Commons FileUpload). Note: MapViewer is not deployed with a default installation. To use MapViewer the customer needs to re-deploy MapViewer EAR file into Oracle WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).
    (CVE-2016-1000031)

  • Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). (CVE-2020-2968)

  • Vulnerability in the Core RDBMS (zlib) component of Oracle Database Server. The supported version that is affected is 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session privilege with network access via Oracle Net to compromise Core RDBMS (zlib). Successful attacks of this vulnerability can result in takeover of Core RDBMS (zlib). CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).(CVE-2016-9843)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(138528);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/01");

  script_cve_id(
    "CVE-2016-9843",
    "CVE-2016-1000031",
    "CVE-2018-18314",
    "CVE-2019-10086",
    "CVE-2019-13990",
    "CVE-2019-16943",
    "CVE-2019-17569",
    "CVE-2020-2513",
    "CVE-2020-2968",
    "CVE-2020-2969",
    "CVE-2020-2971",
    "CVE-2020-2972",
    "CVE-2020-2973",
    "CVE-2020-2974",
    "CVE-2020-2975",
    "CVE-2020-2976",
    "CVE-2020-2977",
    "CVE-2020-2978",
    "CVE-2020-8112"
  );
  script_bugtraq_id(93604, 95131, 106145);
  script_xref(name:"IAVA", value:"2020-A-0328");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");
  script_xref(name:"IAVA", value:"2023-A-0559");

  script_name(english:"Oracle Database Server Multiple Vulnerabilities (Jul 2020 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as
referenced in the July 2020 CPU advisory.

  - Vulnerability in the MapViewer (Apache Commons
    FileUpload) component of Oracle Database Server.
    Supported versions that are affected are 12.2.0.1, 18c
    and 19c. Easily exploitable vulnerability allows low
    privileged attacker having Valid User Account privilege
    with network access via HTTP to compromise MapViewer
    (Apache Commons FileUpload). Successful attacks of this
    vulnerability can result in takeover of MapViewer
    (Apache Commons FileUpload). Note: MapViewer is not
    deployed with a default installation. To use MapViewer
    the customer needs to re-deploy MapViewer EAR file into
    Oracle WebLogic Server. CVSS 3.1 Base Score 8.8
    (Confidentiality, Integrity and Availability impacts).
    (CVE-2016-1000031)

  - Vulnerability in the Java VM component of Oracle
    Database Server. Supported versions that are affected
    are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult
    to exploit vulnerability allows low privileged attacker
    having Create Session, Create Procedure privilege with
    network access via multiple protocols to compromise Java
    VM. Successful attacks require human interaction from a
    person other than the attacker and while the
    vulnerability is in Java VM, attacks may significantly
    impact additional products. Successful attacks of this
    vulnerability can result in takeover of Java VM. CVSS
    3.1 Base Score 8.0 (Confidentiality, Integrity and
    Availability impacts). (CVE-2020-2968)

  - Vulnerability in the Core RDBMS (zlib) component of
    Oracle Database Server. The supported version that is
    affected is 18c. Easily exploitable vulnerability allows
    high privileged attacker having Create Session privilege
    with network access via Oracle Net to compromise Core
    RDBMS (zlib). Successful attacks of this vulnerability
    can result in takeover of Core RDBMS (zlib). CVSS 3.1
    Base Score 7.2 (Confidentiality, Integrity and
    Availability impacts).(CVE-2016-9843)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2020.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2020 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13990");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-16943");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include('vcf_extras_oracle.inc');

var app_info = vcf::oracle_rdbms::get_app_info();

var constraints = [
  # RDBMS:
  {'min_version': '19.8', 'fixed_version': '19.8.0.0.200714', 'missing_patch':'31281355', 'os':'unix', 'component':'db'},
  {'min_version': '19.0', 'fixed_version': '19.8.0.0.200714', 'missing_patch':'31247621', 'os':'win', 'component':'db'},
  {'min_version': '19.7', 'fixed_version': '19.7.1.0.200714', 'missing_patch':'31204483', 'os':'unix', 'component':'db'},
  {'min_version': '19.0', 'fixed_version': '19.6.2.0.200714', 'missing_patch':'31212138', 'os':'unix', 'component':'db'},

  {'min_version': '18.11', 'fixed_version': '18.11.0.0.200714', 'missing_patch':'31308624', 'os':'unix', 'component':'db'},
  {'min_version': '18.0', 'fixed_version': '18.11.0.0.200714', 'missing_patch':'31247612', 'os':'win', 'component':'db'},
  {'min_version': '18.10', 'fixed_version': '18.10.1.0.200714', 'missing_patch':'31211410', 'os':'unix', 'component':'db'},
  {'min_version': '18.0', 'fixed_version': '18.9.2.0.200714', 'missing_patch':'31212186', 'os':'unix', 'component':'db'},

  {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.200714', 'missing_patch':'31312468, 31212219, 31199988', 'os':'unix', 'component':'db'},
  {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.200714', 'missing_patch':'31210848', 'os':'win', 'component':'db'},

  {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.200714', 'missing_patch':'31113348, 31001106', 'os':'unix', 'component':'db'},
  {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.200714', 'missing_patch':'31211574', 'os':'win', 'component':'db'},

  {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.200714', 'missing_patch':'31103343, 31338362, 31103314', 'os':'unix', 'component':'db'},
  {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.200414', 'missing_patch':'31169916', 'os':'win', 'component':'db'},

  # OJVM:
  {'min_version': '19.0',  'fixed_version': '19.8.0.0.200714', 'missing_patch':'31219897', 'os':'unix', 'component':'ojvm'},
  {'min_version': '19.0',  'fixed_version': '19.8.0.0.200714', 'missing_patch':'31219897', 'os':'win', 'component':'ojvm'},

  {'min_version': '18.0',  'fixed_version': '18.11.0.0.200714', 'missing_patch':'31219909', 'os':'unix', 'component':'ojvm'},
  {'min_version': '18.0',  'fixed_version': '18.11.0.0.200714', 'missing_patch':'31219909', 'os':'win', 'component':'ojvm'},

  {'min_version': '12.2.0.1.0',  'fixed_version': '12.2.0.1.200714', 'missing_patch':'31219919', 'os':'unix', 'component':'ojvm'},
  {'min_version': '12.2.0.1.0',  'fixed_version': '12.2.0.1.200714', 'missing_patch':'31465105', 'os':'win', 'component':'ojvm'},

  {'min_version': '12.1.0.2.0',  'fixed_version': '12.1.0.2.200714', 'missing_patch':'31219939', 'os':'unix', 'component':'ojvm'},
  {'min_version': '12.1.0.2.0',  'fixed_version': '12.1.0.2.200714', 'missing_patch':'31465095', 'os':'win', 'component':'ojvm'},

  {'min_version': '11.2.0.4',  'fixed_version': '11.2.0.4.200714', 'missing_patch':'31219953', 'os':'unix', 'component':'ojvm'},
  {'min_version': '11.2.0.4',  'fixed_version': '11.2.0.4.200414', 'missing_patch':'31169933', 'os':'win', 'component':'ojvm'}

];

vcf::oracle_rdbms::check_version_and_report(app_info:app_info, severity:SECURITY_HOLE, constraints:constraints);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

References

Related

ibm 76
nessus 18
osv 11
redhatcve 4
ubuntucve 6
prion 10
debiancve 6
alpinelinux 2
freebsd 1
openvas 12
atlassian 5
cve 9
github 4
checkpoint_advisories 2
cisa 1
zdi 1
cisco 1
veracode 6
f5 2
rosalinux 1
mageia 2
symantec 3
suse 1
oraclelinux 2
fedora 6
redhat 6
mariadbunix 1
ibm
ibm
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt
2020-10-16 07:50:55
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management
2020-10-16 07:47:21
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
2020-10-16 07:51:45
nessus
nessus
Oracle Primavera Unifier (Apr 2020 CPU)
2020-04-15 00:00:00
Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability
2018-11-05 00:00:00
Atlassian JIRA Service Desk < 4.20.26 / 5.4.x < 5.4.10 / 5.5.x < 5.7.2 / 5.8.x < 5.8.2 / 5.9.x < 5.9.2 / 5.10.x < 5.10.1 (JSDSERVER-14401)
2023-10-20 00:00:00
osv
osv
CVE-2019-13990
2019-07-26 19:15:11
CVE-2018-18314
2018-12-07 21:29:00
Improper Access Control in commons-fileupload
2018-12-21 17:51:51
redhatcve
redhatcve
CVE-2019-13990
2020-02-10 11:44:18
CVE-2018-18314
2020-03-31 08:38:43
CVE-2019-17569
2020-02-25 07:49:47
ubuntucve
ubuntucve
CVE-2019-13990
2019-07-26 00:00:00
CVE-2016-1000031
2016-10-25 00:00:00
CVE-2018-18314
2018-11-29 00:00:00
prion
prion
Buffer overflow
2018-12-07 21:29:00
Remote code execution
2016-10-25 14:29:00
Design/Logic Flaw
2019-07-26 19:15:00
debiancve
debiancve
CVE-2018-18314
2018-12-07 21:29:00
CVE-2016-1000031
2016-10-25 14:29:00
CVE-2019-13990
2019-07-26 19:15:00
alpinelinux
alpinelinux
CVE-2018-18314
2018-12-07 21:29:00
CVE-2016-9843
2017-05-23 04:29:00
freebsd
freebsd
Axis2 -- Security vulnerability on dependency Apache Commons FileUpload
2016-11-14 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1212-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)
2019-05-16 00:00:00
Mageia: Security Advisory (MGASA-2021-0133)
2022-01-28 00:00:00
atlassian
atlassian
Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
2019-02-14 22:03:17
Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
2019-02-14 21:59:23
Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
2019-02-14 21:59:23
cve
cve
CVE-2019-13990
2019-07-26 19:15:00
CVE-2018-18314
2018-12-07 21:29:00
CVE-2016-1000031
2016-10-25 14:29:00
github
github
XML external entity injection in Terracotta Quartz Scheduler
2020-07-01 17:55:03
Potential HTTP request smuggling in Apache Tomcat
2020-02-28 01:10:58
Improper Access Control in commons-fileupload
2018-12-21 17:51:51
checkpoint_advisories
checkpoint_advisories
Apache Struts Remote Code Execution (CVE-2016-1000031)
2018-11-07 00:00:00
Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)
2019-02-14 00:00:00
cisa
cisa
Apache Releases Security Advisory for Apache Struts
2018-11-05 00:00:00
zdi
zdi
Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability
2016-10-17 00:00:00
cisco
cisco
Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018
2018-11-07 00:00:00
veracode
veracode
Remote Code Execution
2019-05-16 03:25:55
HTTP Request Smuggling
2020-02-25 07:52:44
XML External Entity (XXE)
2020-02-19 04:27:53
f5
f5
K25206238 : Apache Commons FileUpload vulnerability CVE-2016-1000031
2018-04-02 00:00:00
K66289873 : Apache Tomcat vulnerability CVE-2019-17569
2020-03-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2272
2023-10-22 06:16:50
mageia
mageia
Updated quartz packages fix a security vulnerability
2021-03-15 00:20:42
Updated apache-commons-beanutils packages fix security vulnerability
2019-12-19 16:44:26
symantec
symantec
Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2016-10-17 00:00:00
FasterXML Jackson-databind CVE-2019-16943 Remote Code Execution Vulnerability
2019-09-27 00:00:00
Apache Commons Beanutils CVE-2019-10086 Remote Security Vulnerability
2019-08-15 00:00:00
suse
suse
Security update for jakarta-commons-fileupload (important)
2019-05-15 00:00:00
oraclelinux
oraclelinux
openjpeg2 security update
2020-02-25 00:00:00
openjpeg2 security update
2020-02-20 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: mingw-openjpeg2-2.3.1-7.fc31
2020-02-22 01:34:48
[SECURITY] Fedora 30 Update: apache-commons-beanutils-1.9.4-1.fc30
2019-11-13 09:58:19
[SECURITY] Fedora 31 Update: openjpeg2-2.3.1-6.fc31
2020-02-22 01:34:49
redhat
redhat
(RHSA-2020:0057) Important: rh-java-common-apache-commons-beanutils security update
2020-01-08 11:00:17
(RHSA-2020:0570) Important: openjpeg2 security update
2020-02-24 09:12:48
(RHSA-2020:0569) Important: openjpeg2 security update
2020-02-24 09:11:55
mariadbunix
mariadbunix
CVE-2016-9843
2017-05-23 04:29:01

8.5 High

AI Score

Confidence

Low

JSON
Related for ORACLE_RDBMS_CPU_JUL_2020.NASL
ibm76nessus18osv11redhatcve4ubuntucve6prion10debiancve6alpinelinux2freebsd1openvas12atlassian5cve9github4checkpoint_advisories2cisa1zdi1cisco1veracode6f52rosalinux1mageia2symantec3suse1oraclelinux2fedora6redhat6mariadbunix1