There are serveral problems with the way Jython creates class cache
files, potentially leading to arbitrary code execution or information
disclosure (CVE-2013-2027).
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
{"id": "SECURITYVULNS:DOC:31940", "bulletinFamily": "software", "title": "[ MDVSA-2015:158 ] jython", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:158\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : jython\r\n Date : March 29, 2015\r\n Affected: Business Server 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated jython packages fix security vulnerability:\r\n \r\n There are serveral problems with the way Jython creates class cache\r\n files, potentially leading to arbitrary code execution or information\r\n disclosure (CVE-2013-2027).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027\r\n http://advisories.mageia.org/MGASA-2015-0096.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 2/X86_64:\r\n 9d606311c99c891840256cee4bf737f1 mbs2/x86_64/jython-2.2.1-15.1.mbs2.noarch.rpm\r\n 2001363915af159639c6d0b77fca6b5b mbs2/x86_64/jython-demo-2.2.1-15.1.mbs2.noarch.rpm\r\n f6ec9e25f3ed984cc3de3889129bca02 mbs2/x86_64/jython-javadoc-2.2.1-15.1.mbs2.noarch.rpm\r\n ebe25df5b144b3dc246797156b2d008d mbs2/x86_64/jython-manual-2.2.1-15.1.mbs2.noarch.rpm \r\n 4f368652b5186520c0cf9b082feff5e6 mbs2/SRPMS/jython-2.2.1-15.1.mbs2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFVGCiNmqjQ0CJFipgRAqjjAKCm1rDyieOtauNz0BuklV5OnfPOAgCaA1/G\r\nWsvqscAcN0NIbdyluee62WM=\r\n=75a2\r\n-----END PGP SIGNATURE-----\r\n\r\n", "published": "2015-04-19T00:00:00", "modified": "2015-04-19T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31940", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2013-2027"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "faa720f3875e3065087c4d5fd368522b"}, {"key": "cvss", "hash": "292f2e293571b0e70e3182b615982dad"}, {"key": "description", "hash": "3ab4e742e15f776952a892808d264f99"}, {"key": "href", "hash": "700096fd879c6aab828d19e474915a22"}, {"key": "modified", "hash": "cee5d3435172d074172d7ece845c70ce"}, {"key": "published", "hash": "cee5d3435172d074172d7ece845c70ce"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "4b80e218defdea288464d1c876a1e2cc"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "ec141d6eac38d79f21821023b7eff3223d223ccc6e0821f68d315bbf048cda77", "viewCount": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:10:58"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-2027"]}, {"type": "nessus", "idList": ["OPENSUSE-2015-139.NASL", "MANDRIVA_MDVSA-2015-158.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2017.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14409"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811244"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2017-3236622"]}], "modified": "2018-08-31T11:10:58"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "affectedSoftware": []}
{"cve": [{"lastseen": "2019-05-29T18:13:02", "bulletinFamily": "NVD", "description": "Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.", "modified": "2018-10-30T16:27:00", "id": "CVE-2013-2027", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2027", "published": "2015-02-13T15:59:00", "title": "CVE-2013-2027", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "description": "Weak permissions on cache files creation.", "modified": "2015-04-19T00:00:00", "published": "2015-04-19T00:00:00", "id": "SECURITYVULNS:VULN:14409", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14409", "title": "Jython weak permissions", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:23:30", "bulletinFamily": "scanner", "description": "jython was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2013-2027: Creates executables class files with wrong permissions", "modified": "2015-03-11T00:00:00", "id": "OPENSUSE-2015-139.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81338", "published": "2015-02-13T00:00:00", "title": "openSUSE Security Update : jython (openSUSE-2015-139)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-139.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81338);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/03/11 13:51:32 $\");\n\n script_cve_id(\"CVE-2013-2027\");\n\n script_name(english:\"openSUSE Security Update : jython (openSUSE-2015-139)\");\n script_summary(english:\"Check for the openSUSE-2015-139 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"jython was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2013-2027: Creates executables class files with\n wrong permissions\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jython packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jython-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jython-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:jython-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"jython-2.2.1-11.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"jython-demo-2.2.1-11.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"jython-javadoc-2.2.1-11.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"jython-manual-2.2.1-11.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"jython-2.2.1-13.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"jython-demo-2.2.1-13.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"jython-javadoc-2.2.1-13.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"jython-manual-2.2.1-13.4.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jython / jython-demo / jython-javadoc / jython-manual\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:51", "bulletinFamily": "scanner", "description": "Updated jython packages fix security vulnerability :\n\nThere are serveral problems with the way Jython creates class cache files, potentially leading to arbitrary code execution or information disclosure (CVE-2013-2027).", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2015-158.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82411", "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : jython (MDVSA-2015:158)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:158. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82411);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2013-2027\");\n script_xref(name:\"MDVSA\", value:\"2015:158\");\n\n script_name(english:\"Mandriva Linux Security Advisory : jython (MDVSA-2015:158)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated jython packages fix security vulnerability :\n\nThere are serveral problems with the way Jython creates class cache\nfiles, potentially leading to arbitrary code execution or information\ndisclosure (CVE-2013-2027).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0096.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jython-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jython-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jython-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"jython-2.2.1-15.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"jython-demo-2.2.1-15.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"jython-javadoc-2.2.1-15.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"jython-manual-2.2.1-15.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:31:58", "bulletinFamily": "scanner", "description": "The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities :\n\n - A flaw exists in Jython due to executable classes being created with insecure permissions. A local attacker can exploit this to bypass intended access restrictions and thereby disclose sensitive information or gain elevated privileges. (CVE-2013-2027)\n\n - A remote code execution vulnerability exists in the Apache Struts component in the Jakarta Multipart parser due to improper handling of the Content-Type, Content-Disposition, and Content-Length headers.\n An unauthenticated, remote attacker can exploit this, via a specially crafted header value in the HTTP request, to execute arbitrary code. (CVE-2017-5638)\n\n - An unspecified flaw exists in the Web Services component that allows an unauthenticated, remote attacker to have an impact on integrity and availability.\n (CVE-2017-10063)\n\n - An unspecified flaw exists in the Web Container component that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2017-10123)\n\n - An unspecified flaw exists in the JNDI component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10137)\n\n - An unspecified flaw exists in the Core Components that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-10147)\n\n - An unspecified flaw exists in the Core Components that allows an unauthenticated, remote attacker to have an impact on integrity. (CVE-2017-10148)\n\n - An unspecified flaw exists in the Web Container component that allows an unauthenticated, remote attacker to have an impact on confidentiality and integrity. (CVE-2017-10178)", "modified": "2018-06-29T00:00:00", "id": "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2017.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101815", "published": "2017-07-19T00:00:00", "title": "Oracle WebLogic Server Multiple Vulnerabilities (July 2017 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101815);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/06/29 12:01:01\");\n\n script_cve_id(\n \"CVE-2013-2027\",\n \"CVE-2017-5638\",\n \"CVE-2017-10063\",\n \"CVE-2017-10123\",\n \"CVE-2017-10137\",\n \"CVE-2017-10147\",\n \"CVE-2017-10148\",\n \"CVE-2017-10178\"\n );\n script_bugtraq_id(\n 78027,\n 96729,\n 99634,\n 99644,\n 99650,\n 99651,\n 99652,\n 99653\n);\n script_xref(name:\"CERT\", value:\"834067\");\n script_xref(name:\"EDB-ID\", value:\"41570\");\n script_xref(name:\"EDB-ID\", value:\"41614\");\n\n script_name(english:\"Oracle WebLogic Server Multiple Vulnerabilities (July 2017 CPU)\");\n script_summary(english:\"Checks for the patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application server installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle WebLogic Server installed on the remote host is\naffected by multiple vulnerabilities :\n\n - A flaw exists in Jython due to executable classes being\n created with insecure permissions. A local attacker can\n exploit this to bypass intended access restrictions and\n thereby disclose sensitive information or gain elevated\n privileges. (CVE-2013-2027)\n\n - A remote code execution vulnerability exists in the\n Apache Struts component in the Jakarta Multipart parser\n due to improper handling of the Content-Type,\n Content-Disposition, and Content-Length headers.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted header value in the HTTP\n request, to execute arbitrary code. (CVE-2017-5638)\n\n - An unspecified flaw exists in the Web Services component\n that allows an unauthenticated, remote attacker to have\n an impact on integrity and availability.\n (CVE-2017-10063)\n\n - An unspecified flaw exists in the Web Container\n component that allows an authenticated, remote attacker\n to disclose sensitive information. (CVE-2017-10123)\n\n - An unspecified flaw exists in the JNDI component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-10137)\n\n - An unspecified flaw exists in the Core Components that\n allows an unauthenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-10147)\n\n - An unspecified flaw exists in the Core Components that\n allows an unauthenticated, remote attacker to have an\n impact on integrity. (CVE-2017-10148)\n\n - An unspecified flaw exists in the Web Container\n component that allows an unauthenticated, remote\n attacker to have an impact on confidentiality and\n integrity. (CVE-2017-10178)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2017 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts Jakarta Multipart Parser OGNL Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/19\");\n\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:weblogic_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_weblogic_server_installed.nbin\", \"os_fingerprint.nasl\");\n script_require_keys(\"installed_sw/Oracle WebLogic Server\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Oracle WebLogic Server\";\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nohome = install[\"Oracle Home\"];\nsubdir = install[\"path\"];\nversion = install[\"version\"];\n\nfix = NULL;\nfix_ver = NULL;\n\n# individual security patches\nif (version =~ \"^10\\.3\\.6\\.\")\n{\n fix_ver = \"10.3.6.0.170718\";\n fix = \"25869650\";\n}\nelse if (version =~ \"^12\\.1\\.3\\.\")\n{\n fix_ver = \"12.1.3.0.170718\";\n fix = \"25869659\";\n}\nelse if (version =~ \"^12\\.2\\.1\\.1($|[^0-9])\")\n{\n fix_ver = \"12.2.1.1.170718\";\n fix = \"25961827\";\n}\nelse if (version =~ \"^12\\.2\\.1\\.2($|[^0-9])\")\n{\n fix_ver = \"12.2.1.2.170718\";\n fix = \"25871788\";\n}\n\nif (!isnull(fix_ver) && ver_compare(ver:version, fix:fix_ver, strict:FALSE) == -1)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if ('windows' >< tolower(os))\n {\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n }\n else port = 0;\n\n report =\n '\\n Oracle home : ' + ohome +\n '\\n Install path : ' + subdir +\n '\\n Version : ' + version +\n '\\n Required patch : ' + fix +\n '\\n';\n security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, subdir);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-09-24T15:06:17", "bulletinFamily": "scanner", "description": "The host is running Oracle WebLogic Server\n and is prone to multiple vulnerabilities.", "modified": "2019-09-20T00:00:00", "published": "2017-07-19T00:00:00", "id": "OPENVAS:1361412562310811244", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811244", "title": "Oracle WebLogic Server Multiple Vulnerabilities (cpujul2017-3236622)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle WebLogic Server Multiple Vulnerabilities (cpujul2017-3236622)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:bea:weblogic_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811244\");\n script_version(\"2019-09-20T11:01:01+0000\");\n script_cve_id(\"CVE-2017-10137\", \"CVE-2017-5638\", \"CVE-2017-10147\", \"CVE-2017-10178\", \"CVE-2013-2027\",\n \"CVE-2017-10148\", \"CVE-2017-10063\", \"CVE-2017-10123\", \"CVE-2017-10352\", \"CVE-2017-10271\",\n \"CVE-2017-10152\", \"CVE-2017-10336\", \"CVE-2017-10334\");\n script_bugtraq_id(96729, 99651, 99644, 78027, 99652, 99653, 101304, 101392);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 11:01:01 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-19 12:53:23 +0530 (Wed, 19 Jul 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle WebLogic Server Multiple Vulnerabilities (cpujul2017-3236622)\");\n\n script_tag(name:\"summary\", value:\"The host is running Oracle WebLogic Server\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to some unspecified\n errors in the 'Sample apps (Struts 2)', 'Core Components', 'Web Container', 'WLST'\n 'Web Services', 'WLS-WebServices' and 'WLS Security' components of application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to have an impact on confidentiality, integrity and availability.\");\n\n script_tag(name:\"affected\", value:\"Oracle WebLogic Server versions 10.3.6.0,\n 12.1.3.0, 12.2.1.1 and 12.2.1.2\");\n\n script_tag(name:\"solution\", value:\"Apply update from the link mentioned below.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"oracle_webLogic_server_detect.nasl\");\n script_mandatory_keys(\"OracleWebLogicServer/installed\");\n script_require_ports(\"Services/www\", 7001);\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!webPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!webVer = get_app_version(cpe:CPE, port:webPort)){\n exit(0);\n}\n\naffected = make_list('10.3.6.0', '12.1.3.0', '12.2.1.2', '12.2.1.1');\nforeach version (affected)\n{\n if( webVer == version)\n {\n report = report_fixed_ver(installed_version:webVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:webPort);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:20:53", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2282980.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2017-07-18T00:00:00", "published": "2018-03-20T00:00:00", "id": "ORACLE:CPUJUL2017-3236622", "href": "", "title": "Oracle Critical Patch Update - July 2017", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
