Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLE_WEBLOGIC_SERVER_CPU_OCT_2017.NASL
HistoryOct 18, 2017 - 12:00 a.m.

Oracle WebLogic Server Multiple Vulnerabilities (October 2017 CPU)

2017-10-1800:00:00
This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
840

6.8 Medium

AI Score

Confidence

Low

JSON

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(103935);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/12");

  script_cve_id(
    "CVE-2017-10152",
    "CVE-2017-10271",
    "CVE-2017-10334",
    "CVE-2017-10336",
    "CVE-2017-10352"
  );
  script_bugtraq_id(101304, 101351, 101392);
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/08/10");

  script_name(english:"Oracle WebLogic Server Multiple Vulnerabilities (October 2017 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"An application server installed on the remote host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle WebLogic Server installed on the remote host is
affected by multiple vulnerabilities");
  # http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e07fa0e");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2017 Oracle
Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:ND");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:X");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10352");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Oracle Weblogic Server Deserialization RCE - AsyncResponseService');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
  script_require_ports("installed_sw/Oracle WebLogic Server", "installed_sw/JDeveloper's Integrated WebLogic Server");

  exit(0);
}

include("install_func.inc");

var app_name = "Oracle WebLogic Server";

var install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
var ohome = install["Oracle Home"];
var subdir = install["path"];
var version = install["version"];
var os, port, report;
var fix = NULL;
var fix_ver = NULL;

# individual security patches
if (version =~ "^10\.3\.6\.")
{
  fix_ver = "10.3.6.0.171017";
  fix = "26519424";
}
else if (version =~ "^12\.1\.3\.")
{
  fix_ver = "12.1.3.0.171017";
  fix = "26519417";
}
else if (version =~ "^12\.2\.1\.1($|[^0-9])")
{
  fix_ver = "12.2.1.1.171017";
  fix = "26519400";
}
else if (version =~ "^12\.2\.1\.2($|[^0-9])")
{
  fix_ver = "12.2.1.2.171017";
  fix = "26485996";
}

if (!isnull(fix_ver) && ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)
{
  os = get_kb_item_or_exit("Host/OS");
  if ('windows' >< tolower(os))
  {
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
  }
  else port = 0;

  report =
    '\n  Oracle home    : ' + ohome +
    '\n  Install path   : ' + subdir +
    '\n  Version        : ' + version +
    '\n  Required Patch : ' + fix +
    '\n';
  security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);
VendorProductVersionCPE
oraclefusion_middlewarecpe:/a:oracle:fusion_middleware
oracleweblogic_servercpe:/a:oracle:weblogic_server

Related

openvas 2
prion 5
cve 5
hackerone 3
attackerkb 1
metasploit 1
nessus 4
packetstorm 1
malwarebytes 1
securelist 4
exploitpack 2
symantec 1
fireeye 6
nuclei 1
zdt 2
cisa_kev 1
exploitdb 1
talosblog 4
seebug 1
threatpost 11
checkpoint_advisories 1
pentestit 1
thn 3
githubexploit 1
kitploit 3
cisa 1
qualysblog 2
oracle 2
impervablog 1
openvas
openvas
Oracle WebLogic Server Multiple Vulnerabilities (cpujul2017-3236622)
2017-07-19 00:00:00
Oracle WebLogic Server Multiple Unspecified Vulnerabilities (cpujul2017-3236622, cpuoct2018-4428296)
2017-07-19 00:00:00
prion
prion
Design/Logic Flaw
2017-10-19 17:29:00
Design/Logic Flaw
2017-10-19 17:29:00
Design/Logic Flaw
2017-10-19 17:29:00
cve
cve
CVE-2017-10334
2017-10-19 17:29:00
CVE-2017-10336
2017-10-19 17:29:00
CVE-2017-10352
2017-10-19 17:29:00
hackerone
hackerone
U.S. Dept Of Defense: Remote OS command Execution in the 3 more Oracle Weblogic on the β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ, β–ˆβ–ˆβ–ˆβ–ˆ, β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ [CVE-2017-10352]
2019-07-03 19:21:18
MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]
2020-03-04 13:45:59
U.S. Dept Of Defense: RCE on β–ˆβ–ˆβ–ˆβ–ˆβ–ˆ via CVE-2017-10271
2019-05-10 22:23:31
attackerkb
attackerkb
CVE-2017-10271 - Oracle WebLogic Server AsyncResponseService Deserialization Vulnerability
2017-10-19 00:00:00
metasploit
metasploit
Oracle WebLogic wls-wsat Component Deserialization RCE
2018-01-05 20:05:21
nessus
nessus
Oracle WebLogic WSAT Remote Code Execution
2017-12-28 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities (Jan 2018 CPU)
2020-12-16 00:00:00
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)
2018-01-24 00:00:00
packetstorm
packetstorm
Oracle WebLogic wls-wsat Component Deserialization Remote Code Execution
2018-01-28 00:00:00
malwarebytes
malwarebytes
The state of malicious cryptomining
2018-02-26 16:08:03
securelist
securelist
APT trends report Q3 2019
2019-10-16 10:00:26
Andariel deploys DTrack and Maui ransomware
2022-08-09 10:00:46
APT review: what the world’s threat actors got up to in 2019
2019-12-04 10:00:22
exploitpack
exploitpack
Oracle WebLogic 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution
2018-01-03 00:00:00
Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution
2017-12-26 00:00:00
symantec
symantec
Oracle WebLogic Server CVE-2017-10271 Remote Security Vulnerability
2017-10-17 00:00:00
fireeye
fireeye
Malicious PowerShell Detection via Machine Learning
2018-07-10 12:00:00
CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining
2018-02-15 16:30:00
How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners
2018-07-18 14:00:00
nuclei
nuclei
Oracle WebLogic Server - Remote Command Execution
2021-02-03 00:48:46
zdt
zdt
Oracle WebLogic < 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution Exploit
2018-01-08 00:00:00
Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution Exploit
2018-01-29 00:00:00
cisa_kev
cisa_kev
Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
2022-02-10 00:00:00
exploitdb
exploitdb
Oracle WebLogic &lt; 10.3.6 - &#039;wls-wsat&#039; Component Deserialisation Remote Command Execution
2018-01-03 00:00:00
talosblog
talosblog
Rocke: The Champion of Monero Miners
2018-08-30 08:26:00
Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
2018-01-31 07:58:00
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple β€œPanda”
2019-09-17 08:09:45
seebug
seebug
Oracle WebLogic wls-wsat RCE(CVE-2017-10271)
2017-12-22 00:00:00
threatpost
threatpost
Muhstik Botnet Exploits Highly Critical Drupal Bug
2018-04-23 22:13:25
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
2019-05-06 20:04:55
New Threat Actor β€˜Rocke’: A Rising Monero Cryptomining Menace
2018-08-30 20:35:39
checkpoint_advisories
checkpoint_advisories
Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271; CVE-2017-3506)
2017-12-27 00:00:00
pentestit
pentestit
UPDATE: Infection Monkey 1.6.1
2018-12-03 22:28:53
thn
thn
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
2021-02-01 11:15:00
Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners
2018-04-18 09:49:00
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
2022-03-28 06:59:00
githubexploit
githubexploit
Exploit for Injection in Oracle Weblogic Server
2019-08-23 01:42:57
kitploit
kitploit
Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
2019-05-12 13:09:00
Jok3R - Network And Web Pentest Framework
2019-01-23 12:25:00
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00
qualysblog
qualysblog
Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking
2019-12-27 18:01:22
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08

6.8 Medium

AI Score

Confidence

Low

JSON
Related for ORACLE_WEBLOGIC_SERVER_CPU_OCT_2017.NASL
openvas2prion5cve5hackerone3attackerkb1metasploit1nessus4packetstorm1malwarebytes1securelist4exploitpack2symantec1fireeye6nuclei1zdt2cisa_kev1exploitdb1talosblog4seebug1threatpost11checkpoint_advisories1pentestit1thn3githubexploit1kitploit3cisa1qualysblog2oracle2impervablog1