Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_RDBMS_CPU_OCT_2018.NASL
HistoryOct 19, 2018 - 12:00 a.m.

Oracle Database Server Multiple Vulnerabilities (October 2018 CPU)

2018-10-1900:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
178
JSON

The remote Oracle Database Server is missing the October 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including remote code execution, as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(118230);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2018-3259", "CVE-2018-3299", "CVE-2018-7489");
  script_bugtraq_id(103203, 105648);

  script_name(english:"Oracle Database Server Multiple Vulnerabilities (October 2018 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Database Server is missing the October 2018 Critical
Patch Update (CPU). It is, therefore, affected by multiple
vulnerabilities, including remote code execution, as noted in the
October 2018 Critical Patch Update advisory. Please consult the CVRF
details for the applicable CVEs for additional information.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixDB
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5c7f8345");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2018 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7489");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include('vcf_extras_oracle.inc');

var app_info = vcf::oracle_rdbms::get_app_info();

var constraints = [
  # RDBMS:
  {'min_version': '18.4', 'fixed_version': '18.4.0.0.181016', 'missing_patch':'28689117, 28655784', 'os':'unix', 'component':'db'},
  {'min_version': '18.3', 'fixed_version': '18.3.1.0.181016', 'missing_patch':'28507480', 'os':'unix', 'component':'db'},
  {'min_version': '18.0', 'fixed_version': '18.2.2.0.181016', 'missing_patch':'28601267', 'os':'unix', 'component':'db'},

  {'min_version': '12.2.0.1', 'fixed_version': '12.2.0.1.181016', 'missing_patch':'28689128, 28662603', 'os':'unix', 'component':'db'},
  {'min_version': '12.2.0.1', 'fixed_version': '12.2.0.1.181016', 'missing_patch':'28574555', 'os':'win', 'component':'db'},
 
  {'min_version': '12.1.0.2', 'fixed_version': '12.1.0.2.181016', 'missing_patch':'28689146, 28259833', 'os':'unix', 'component':'db'},
  {'min_version': '12.1.0.2', 'fixed_version': '12.1.0.2.181016', 'missing_patch':'28563501', 'os':'win', 'component':'db'},
 
  {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.181016', 'missing_patch':'28689160, 28204707', 'os':'unix', 'component':'db'},
  {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.181016', 'missing_patch':'28265827', 'os':'win', 'component':'db'},

  # OJVM
  {'min_version': '18.0', 'fixed_version': '18.4.0.0.181016', 'missing_patch':'28502229', 'os':'unix', 'component':'ojvm'},

  {'min_version': '12.2.0.1', 'fixed_version': '12.2.0.1.181016', 'missing_patch':'28440725', 'os':'unix', 'component':'ojvm'},
  {'min_version': '12.2.0.1', 'fixed_version': '12.2.0.1.181016', 'missing_patch':'28412312', 'os':'win', 'component':'ojvm'},

  {'min_version': '12.1.0.2', 'fixed_version': '12.1.0.2.181016', 'missing_patch':'28440711', 'os':'unix', 'component':'ojvm'},
  {'min_version': '12.1.0.2', 'fixed_version': '12.1.0.2.181016', 'missing_patch':'28412299', 'os':'win', 'component':'ojvm'},

  {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.181016', 'missing_patch':'28440700', 'os':'unix', 'component':'ojvm'},
  {'min_version': '11.2.0.4', 'fixed_version': '11.2.0.4.181016', 'missing_patch':'28412269', 'os':'win', 'component':'ojvm'}
];

vcf::oracle_rdbms::check_version_and_report(app_info:app_info, severity:SECURITY_HOLE, constraints:constraints);
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

Related

nessus 12
ibm 23
prion 4
cve 4
openvas 4
fedora 1
osv 4
debian 2
redhatcve 2
veracode 1
freebsd 1
github 2
ubuntucve 1
redhat 14
debiancve 1
checkpoint_advisories 1
hp 1
oracle 8
nessus
nessus
Fedora 28 : jackson-databind (2018-633acf0ed6)
2019-01-03 00:00:00
FreeBSD : payara -- Default typing issue in Jackson Databind (93f8e0ff-f33d-11e8-be46-0019dbb15b3f)
2018-11-29 00:00:00
Debian DSA-4190-1 : jackson-databind - security update
2018-05-04 00:00:00
ibm
ibm
Security Bulletin: FasterXML Vulnerability in Jackson-Databind Affects IBM Sterling Connect:Direct File Agent (CVE-2018-7489)
2021-07-23 17:59:06
Security Bulletin: Multiple vulnerabilities has been identified in Jackson JSON library shipped with IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)
2018-06-17 15:51:29
Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)
2023-01-03 15:55:34
prion
prion
Buffer overflow
2018-10-17 01:31:00
Design/Logic Flaw
2018-10-17 01:31:00
Design/Logic Flaw
2018-02-26 15:29:00
cve
cve
CVE-2018-3299
2018-10-17 01:31:00
CVE-2018-3259
2018-10-17 01:31:00
CVE-2018-7489
2018-02-26 15:29:00
openvas
openvas
Oracle Database Server 'Oracle Text' Component Unspecified Vulnerability
2018-10-17 00:00:00
Oracle Database Server 'Rapid Home Provisioning' Component Unspecified Vulnerability
2018-10-17 00:00:00
Oracle Database Server 'Java VM' Component Unspecified Vulnerability
2018-10-17 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: jackson-databind-2.9.4-3.fc28
2018-04-01 00:46:43
osv
osv
jackson-databind - security update
2018-05-03 00:00:00
CVE-2018-7489
2018-02-26 15:29:00
FasterXML jackson-databind allows unauthenticated remote code execution
2018-10-16 17:45:18
debian
debian
[SECURITY] [DSA 4190-1] jackson-databind security update
2018-05-03 13:56:38
[SECURITY] [DSA 4190-1] jackson-databind security update
2018-05-03 13:56:38
redhatcve
redhatcve
CVE-2018-7489
2020-12-06 11:49:47
CVE-2019-10202
2019-10-12 02:27:16
veracode
veracode
Remote Code Execution (RCE)
2018-02-27 02:43:42
freebsd
freebsd
payara -- Default typing issue in Jackson Databind
2018-02-26 00:00:00
github
github
FasterXML jackson-databind allows unauthenticated remote code execution
2018-10-16 17:45:18
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
2022-05-24 16:57:28
ubuntucve
ubuntucve
CVE-2018-7489
2018-02-26 00:00:00
redhat
redhat
(RHSA-2018:1786) Moderate: Red Hat OpenShift Application Runtimes security and bug fix update
2018-06-04 11:15:04
(RHSA-2018:2090) Moderate: Red Hat JBoss Enterprise Application Platform security update
2018-06-27 14:46:20
(RHSA-2018:2938) Moderate: Red Hat OpenShift Application Runtimes Thorntail 2.2.0 security & bug fix update
2018-10-17 13:02:36
debiancve
debiancve
CVE-2018-7489
2018-02-26 15:29:00
checkpoint_advisories
checkpoint_advisories
Apache Struts2 Jackson Library Remote Code Execution (CVE-2017-15095; CVE-2017-17485; CVE-2017-7525; CVE-2018-7489)
2017-12-05 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
JSON
Related for ORACLE_RDBMS_CPU_OCT_2018.NASL
nessus12ibm23prion4cve4openvas4fedora1osv4debian2redhatcve2veracode1freebsd1github2ubuntucve1redhat14debiancve1checkpoint_advisories1hp1oracle8