Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_WEBCENTER_CONTENT_OCT_2013_CPU.NASL
HistoryNov 21, 2013 - 12:00 a.m.

Oracle WebCenter Content Server Subcomponent Remote Issue (October 2013 CPU)

2013-11-2100:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

The version of Oracle WebCenter Content installed on the remote host is potentially affected by an unspecified remote security vulnerability in the Content Server component.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71022);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2013-5813");
  script_bugtraq_id(63049);

  script_name(english:"Oracle WebCenter Content Server Subcomponent Remote Issue (October 2013 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by an unspecified remote security
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle WebCenter Content installed on the remote host is
potentially affected by an unspecified remote security vulnerability
in the Content Server component.");
  # http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac29c174");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2013 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5813");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/21");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_webcenter_content_detect.nasl");
  script_require_keys("installed_sw/Oracle WebCenter Content", "Settings/ParanoidReport");
  script_exclude_keys("Settings/disable_cgi_scanning");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

appname = "Oracle WebCenter Content";

if (report_paranoia < 2) audit(AUDIT_PARANOID);

get_install_count(app_name:appname, exit_if_zero:TRUE);

port = get_http_port(default:80);

install = get_single_install(app_name:appname, port:port, exit_if_unknown_ver:TRUE);

version = install['version'];
dir = install['path'];

install_url = build_url(port: port, qs:dir);

matches = eregmatch(string:version, pattern:"([0-9.]+) \(([0-9.]+)\)");
if (isnull(matches)) audit(AUDIT_VER_FORMAT, version);
main_ver = matches[1];
sub_ver = matches[2];

report = '';

if (main_ver == "11.1.1.8.0")
{
  # Patch 17453460
  # 11.1.1.8.0PSU-2013-09-13 15:21:10Z-r110081
  # 11.1.1.8.0 (110081)
  fixed_build = 110081;
  build = int(sub_ver);
  if (build < fixed_build)
  {
    report = '\n  Installed version : ' + main_ver + ' (' + sub_ver + ')' +
             '\n  Fixed version     : 11.1.1.8.0 (110081)' +
             '\n  Required patch    : 17453460\n';
  }
}
else if (main_ver == "11.1.1.7.0")
{
  # Patch 17180477:
  # 11gR1-11.1.1.7.0-idcprod1-130909T054136
  fix_dt = 130909;
  fix_ts = 054136;

  temp = split(sub_ver, sep:"T", keep:FALSE);
  if (
    int(temp[0]) < fix_dt ||
    (int(temp[0]) == fix_dt && int(temp[1]) < fix_ts)
  )
  {
    report = '\n  Installed version : ' + main_ver + ' (' + sub_ver + ')' +
             '\n  Fixed version     : 11.1.1.7.0 (130909T054136)' +
             '\n  Required patch    : 17180477\n';
  }
}
else if (main_ver == "11.1.1.6.0")
{
  # Patch 17046964:
  # 11gR1-11.1.1.6.0-idcprod1-130806T205208
  fix_dt = 130806;
  fix_ts = 205208;

  temp = split(sub_ver, sep:"T", keep:FALSE);
  if (
    int(temp[0]) < fix_dt ||
    (int(temp[0]) == fix_dt && int(temp[1]) < fix_ts)
  )
  {
    report = '\n  Installed version : ' + main_ver + ' (' + sub_ver + ')' +
             '\n  Fixed version     : 11.1.1.6.0 (130806T205208)' +
             '\n  Required patch    : 17046964\n';
  }
}
else if (main_ver == "10.1.3.5.1")
{
  # Patch 17289573
  # 10.1.3.5.1 (130829)
  fixed_build = 130829;
  build = int(sub_ver);
  if (build < fixed_build)
  {
    report = '\n  Installed version : ' + main_ver + ' (' + sub_ver + ')' +
             '\n  Fixed version     : 10.1.3.5.1 (130829)' +
             '\n  Required patch    : 17289573\n';
  }
}

if (report == '') audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, version);

if (report_verbosity > 0) security_warning(extra:report, port:port);
else security_warning(port);
VendorProductVersionCPE
oraclefusion_middlewarecpe:/a:oracle:fusion_middleware

Related

cve 1
cvelist 1
nvd 1
prion 1
securityvulns 1
oracle 1
cve
cve
CVE-2013-5813
2013-10-16 17:55:05
cvelist
cvelist
CVE-2013-5813
2013-10-16 17:31:00
nvd
nvd
CVE-2013-5813
2013-10-16 17:55:05
prion
prion
Design/Logic Flaw
2013-10-16 17:55:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-12-09 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON
Related for ORACLE_WEBCENTER_CONTENT_OCT_2013_CPU.NASL
cve1cvelist1nvd1prion1securityvulns1oracle1