Lucene search
K

Oracle WebCenter Content Server Component Unspecified Issue (October 2017 CPU)

🗓️ 19 Oct 2017 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 24 Views

Oracle WebCenter Content Server Unspecified Vulnerability (Oct 2017

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNVD
Unspecified Vulnerability in Oracle WebCenter Content
18 Oct 201700:00
cnvd
CVE
CVE-2017-10360
19 Oct 201717:00
cve
Cvelist
CVE-2017-10360
19 Oct 201717:00
cvelist
EUVD
EUVD-2017-2007
7 Oct 202500:30
euvd
NVD
CVE-2017-10360
19 Oct 201717:29
nvd
Oracle
Oracle Critical Patch Update - October 2017
17 Oct 201700:00
oracle
OSV
CVE-2017-10360
19 Oct 201717:29
osv
Prion
Design/Logic Flaw
19 Oct 201717:29
prion
Vulnrichment
CVE-2017-10360
19 Oct 201717:00
vulnrichment
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(103987);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2017-10360");
  script_bugtraq_id(101322);

  script_name(english:"Oracle WebCenter Content Server Component Unspecified Issue (October 2017 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by an
unspecified vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle WebCenter Content running on the remote host is
affected by an unspecified flaw in the Content Server component that
allows an unauthenticated, remote attacker to impact confidentiality
and integrity.");
  # https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixFMW
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b680917f");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2017 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10360");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_webcenter_content_detect.nasl");
  script_require_keys("installed_sw/Oracle WebCenter Content", "Settings/ParanoidReport");
  script_exclude_keys("Settings/disable_cgi_scanning");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

appname = "Oracle WebCenter Content";

if (report_paranoia < 2) audit(AUDIT_PARANOID);

get_install_count(app_name:appname, exit_if_zero:TRUE);

port = get_http_port(default:80);

install = get_single_install(app_name:appname, port:port, exit_if_unknown_ver:TRUE);

version = install['version'];
dir = install['path'];

install_url = build_url(port: port, qs:dir);

matches = pregmatch(string:version, pattern:"([0-9.]+) \(([0-9.]+)\)");
if (isnull(matches)) audit(AUDIT_VER_FORMAT, version);
main_ver = matches[1];
sub_ver = matches[2];
build = int(sub_ver);
fixed_build = 0;

report = '';

if (main_ver == "12.2.1.2.0")
{
  # Patch 26743018
  # 12.2.1.2.0 (156890)
  fixed_build = 156890;
  patch = 26743018;
}
else if (main_ver == "12.2.1.1.0")
{
  # Patch 26718773
  # 12.2.1.1.0 (156626)
  fixed_build = 156626;
  patch = 26718773;
}
else if (main_ver == "11.1.1.9.0")
{
  # Patch 26781599
  # 11.1.1.9.0 (156851)
  fixed_build = 156851;
  patch = 26781599;
}
if (build < fixed_build)
{
  report = '\n  Installed version : ' + main_ver + ' (' + sub_ver + ')' +
           '\n  Fixed version     : ' + main_ver + ' (' + fixed_build + ')' +
           '\n  Required patch    : ' + patch + '\n';
}

if (report == '') audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, version);
else security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Apr 2022 00:00Current
7.9High risk
Vulners AI Score7.9
CVSS 25.8
CVSS 38.2
EPSS0.01756
SSVC
24