[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability
2015-11-02T00:00:00
ID SECURITYVULNS:DOC:32655 Type securityvulns Reporter Securityvulns Modified 2015-11-02T00:00:00
Description
ADVISORY INFORMATION
Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-030]
Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle
VULNERABILITY INFORMATION
Class: XML External Entity [CWE-611]
Impact: information disclosure, DoS, SSRF, NTLM relay
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-4851
CVSS Information
CVSS Base Score: 6.8 / 10
AV : Access Vector (Related exploit range) Network (N)
AC : Access Complexity (Required attack complexity) Medium (M)
Au : Authentication (Level of authentication needed to exploit) None (N)
C : Impact to Confidentiality Partial (P)
I : Impact to Integrity Partial (P)
A : Impact to Availability Partial (P)
VULNERABILITY DESCRIPTION
1) An attacker can read an arbitrary file on a server by sending a
correct XML request with a crafted DTD and reading the response from
the service.
2) An attacker can perform a DoS attack (for example, XML Entity Expansion).
3) An SMB Relay attack is a type of Man-in-the-Middle attack where the
attacker asks the victim to authenticate into a machine controlled by
the attacker, then relays the credentials to the target. The attacker
forwards the authentication information both ways and gets access.
VULNERABLE PACKAGES
Oracle E-Business Suite 12.1.3
Other versions are probably affected too, but they were not checked.
SOLUTIONS AND WORKAROUNDS
Install Oracle CPU October 2015
AUTHOR
Nikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)
TECHNICAL DESCRIPTION
Vulnerable servlet:
/OA_HTML/oramipp_lpr
REPORT TIMELINE
Reported: 17.07.2015
Vendor response: 24.07.2015
Date of Public Advisory: 20.10.2015
ABOUT ERPScan Research
The company’s expertise is based on the research subdivision of
ERPScan, which is engaged in vulnerability research and analysis of
critical enterprise applications. It has achieved multiple
acknowledgments from the largest software vendors like SAP, Oracle,
Microsoft, IBM, VMware, HP for discovering more than 400
vulnerabilities in their solutions (200 of them just in SAP!).
ERPScan researchers are proud to have exposed new types of
vulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be
nominated for the best server-side vulnerability at BlackHat 2013.
ERPScan experts have been invited to speak, present, and train at 60+
prime international security conferences in 25+ countries across the
continents. These include BlackHat, RSA, HITB, and private SAP
trainings in several Fortune 2000 companies.
ERPScan researchers lead the project EAS-SEC, which is focused on
enterprise application security research and awareness. They have
published 3 exhaustive annual award-winning surveys about SAP
security.
ERPScan experts have been interviewed by leading media resources and
featured in specialized info-sec publications worldwide. These include
Reuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,
Heise, and Chinabyte, to name a few.
We have highly qualified experts in staff with experience in many
different fields of security, from web applications and
mobile/embedded to reverse engineering and ICS/SCADA systems,
accumulating their experience to conduct the best SAP security
research.
ABOUT ERPScan
ERPScan is one of the most respected and credible Business Application
Security providers. Founded in 2010, the company operates globally.
Named an Emerging vendor in Security by CRN and distinguished by more
than 25 other awards, ERPScan is the leading SAP SE partner in
discovering and resolving security vulnerabilities. ERPScan
consultants work with SAP SE in Walldorf to improve the security of
their latest solutions.
ERPScan’s primary mission is to close the gap between technical and
business security. We provide solutions to secure ERP systems and
business-critical applications from both cyber attacks and internal
fraud. Our clients are usually large enterprises, Fortune 2000
companies, and managed service providers whose requirements are to
actively monitor and manage the security of vast SAP landscapes on a
global scale.
Our flagship product is ERPScan Security Monitoring Suite for SAP.
This multi award-winning innovative software is the only solution on
the market certified by SAP SE covering all tiers of SAP security:
vulnerability assessment, source code review, and Segregation of
Duties.
The largest companies from diverse industries like oil and gas,
banking, retail, even nuclear power installations as well as
consulting companies have successfully deployed the software. ERPScan
Security Monitoring Suite for SAP is specifically designed for
enterprises to continuously monitor changes in multiple SAP systems.
It generates and analyzes trends in user friendly dashboards, manages
risks, tasks, and can export results to external systems. These
features enable central management of SAP system security with minimal
time and effort.
We follow the sun and function in two hubs located in the Netherlands
and the US to operate local offices and partner network spanning 20+
countries around the globe. This enables monitoring cyber threats in
real time and providing agile customer support.
Adress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
Phone: 650.798.5255
Twitter: @erpscan
Scoop-it: Business Application Security
{"id": "SECURITYVULNS:DOC:32655", "bulletinFamily": "software", "title": "[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite XXE injection\r\nAdvisory ID: [ERPSCAN-15-030]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4851\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability Partial (P)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/oramipp_lpr\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32655", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4851"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "63db7f670b9c5615e482d0338ccc1970"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "d89fcd2baf8a53a154659fa121f9e2da"}, {"key": "href", "hash": "53ac53d7c165321e6db0accca2f44053"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "454360ae6b0ecae8a6f843602b44b093"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "cb18bce50ec994d7c269875a40e561f262f505c65bda1189c95aab1fee4ec261", "viewCount": 29, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2018-08-31T11:11:02"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4851"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-030"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953"]}], "modified": "2018-08-31T11:11:02"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "affectedSoftware": []}
{"cve": [{"lastseen": "2018-12-11T12:18:54", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/oramipp_lpr.", "modified": "2018-12-10T14:29:10", "published": "2015-10-21T19:59:19", "id": "CVE-2015-4851", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4851", "title": "CVE-2015-4851", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "erpscan": [{"lastseen": "2018-08-31T00:36:07", "bulletinFamily": "info", "description": "None\n", "modified": "2015-07-17T00:00:00", "published": "2015-07-17T00:00:00", "id": "ERPSCAN-15-030", "href": "https://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe/", "title": "Oracle E-Business Suite - XXE injection vulnerability", "type": "erpscan", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:22:33", "bulletinFamily": "scanner", "description": "The version of Oracle E-Business installed on the remote host is\nmissing the October 2015 Oracle Critical Patch Update (CPU). It is,\ntherefore, affected by vulnerabilities in the following components :\n\n - An unspecified flaw exists in the Online Patching\n subcomponent in the Applications DBA. An authenticated,\n remote attacker can exploit this to gain access to\n sensitive information. (CVE-2015-4762)\n\n - Unspecified flaws exist in the DB Listener subcomponent\n in the Applications Technology Stack. An authenticated,\n remote attacker can exploit these to cause a denial of\n service. (CVE-2015-4798, CVE-2015-4839)\n\n - An unspecified flaw exists in the Application Object\n Library related to the 'Java APIs - AOL/J' subcomponent.\n An unauthenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4845)\n\n - An unspecified flaw exists in the SQL Extensions\n subcomponent in the Applications Manager. An\n authenticated, remote attacker can exploit this to\n impact integrity and confidentiality. (CVE-2015-4846)\n\n - An unspecified flaw exists in the Punch-in subcomponent\n in the Oracle Payments component. An unauthenticated,\n remote attacker can exploit this to impact integrity.\n (CVE-2015-4849)\n\n - An unspecified flaw exists in the XML Input subcomponent\n in the iSupplier Portal. An unauthenticated, remote\n attacker can exploit this to impact integrity.\n (CVE-2015-4851)\n\n - An unspecified flaw exists in the Application Object\n Library related to the Single Signon subcomponent.\n An unauthenticated, remote attacker can exploit this to\n impact integrity. (CVE-2015-4854)\n\n - An unspecified flaw exists in the Applications Framework\n related to the 'Business Objects - BC4J' subcomponent.\n An authenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4865)\n\n - An unspecified flaw exists in the Single Signon\n subcomponent in the Application Object Library. An\n unauthenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4884)\n\n - An unspecified flaw exists in the Reports Security\n subcomponent in the Report Manager. An unauthenticated,\n remote attacker can exploit this to impact integrity\n and confidentiality.(CVE-2015-4886)\n\n - An unspecified flaw exists in the Applications Framework\n related to the 'Diagnostics, DMZ' subcomponent. An\n authenticated, remote attacker can exploit this to\n impact integrity. (CVE-2015-4898)", "modified": "2018-07-16T00:00:00", "published": "2015-10-21T00:00:00", "id": "ORACLE_E-BUSINESS_CPU_OCT_2015.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86479", "title": "Oracle E-Business Multiple Vulnerabilities (October 2015 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86479);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n\n script_cve_id(\n \"CVE-2015-4762\",\n \"CVE-2015-4798\",\n \"CVE-2015-4839\",\n \"CVE-2015-4845\",\n \"CVE-2015-4846\",\n \"CVE-2015-4849\",\n \"CVE-2015-4851\",\n \"CVE-2015-4854\",\n \"CVE-2015-4865\",\n \"CVE-2015-4884\",\n \"CVE-2015-4886\",\n \"CVE-2015-4898\"\n );\n script_bugtraq_id(\n 77243,\n 77244,\n 77245,\n 77247,\n 77248,\n 77249,\n 77250,\n 77251,\n 77252,\n 77253,\n 77254,\n 77255\n );\n\n script_name(english:\"Oracle E-Business Multiple Vulnerabilities (October 2015 CPU)\");\n script_summary(english:\"Checks for the October 2015 CPU.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle E-Business installed on the remote host is\nmissing the October 2015 Oracle Critical Patch Update (CPU). It is,\ntherefore, affected by vulnerabilities in the following components :\n\n - An unspecified flaw exists in the Online Patching\n subcomponent in the Applications DBA. An authenticated,\n remote attacker can exploit this to gain access to\n sensitive information. (CVE-2015-4762)\n\n - Unspecified flaws exist in the DB Listener subcomponent\n in the Applications Technology Stack. An authenticated,\n remote attacker can exploit these to cause a denial of\n service. (CVE-2015-4798, CVE-2015-4839)\n\n - An unspecified flaw exists in the Application Object\n Library related to the 'Java APIs - AOL/J' subcomponent.\n An unauthenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4845)\n\n - An unspecified flaw exists in the SQL Extensions\n subcomponent in the Applications Manager. An\n authenticated, remote attacker can exploit this to\n impact integrity and confidentiality. (CVE-2015-4846)\n\n - An unspecified flaw exists in the Punch-in subcomponent\n in the Oracle Payments component. An unauthenticated,\n remote attacker can exploit this to impact integrity.\n (CVE-2015-4849)\n\n - An unspecified flaw exists in the XML Input subcomponent\n in the iSupplier Portal. An unauthenticated, remote\n attacker can exploit this to impact integrity.\n (CVE-2015-4851)\n\n - An unspecified flaw exists in the Application Object\n Library related to the Single Signon subcomponent.\n An unauthenticated, remote attacker can exploit this to\n impact integrity. (CVE-2015-4854)\n\n - An unspecified flaw exists in the Applications Framework\n related to the 'Business Objects - BC4J' subcomponent.\n An authenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4865)\n\n - An unspecified flaw exists in the Single Signon\n subcomponent in the Application Object Library. An\n unauthenticated, remote attacker can exploit this to\n gain access to sensitive information. (CVE-2015-4884)\n\n - An unspecified flaw exists in the Reports Security\n subcomponent in the Report Manager. An unauthenticated,\n remote attacker can exploit this to impact integrity\n and confidentiality.(CVE-2015-4886)\n\n - An unspecified flaw exists in the Applications Framework\n related to the 'Diagnostics, DMZ' subcomponent. An\n authenticated, remote attacker can exploit this to\n impact integrity. (CVE-2015-4898)\");\n # www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d408555\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2015 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:e-business_suite\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_e-business_query_patch_info.nbin\");\n script_require_keys(\"Oracle/E-Business/Version\", \"Oracle/E-Business/patches/installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Oracle/E-Business/Version\");\npatches = get_kb_item_or_exit(\"Oracle/E-Business/patches/installed\");\n\n# Batch checks\nif (patches) patches = split(patches, sep:',', keep:FALSE);\nelse patches = make_list();\n\n# Check if the installed version is an affected version\naffected_versions = make_array(\n '11.5.10.2', make_list('21507439', '21507445'),\n\n '12.0.6', make_list('21507421'),\n\n '12.1.3', make_list('21507207'),\n\n '12.2.3', make_list('21507429'),\n '12.2.4', make_list('21507429')\n);\n\npatched = FALSE;\naffectedver = FALSE;\n\nif (affected_versions[version])\n{\n affectedver = TRUE;\n patchids = affected_versions[version];\n foreach required_patch (patchids)\n {\n foreach applied_patch (patches)\n {\n if(required_patch == applied_patch)\n {\n patched = applied_patch;\n break;\n }\n }\n if(patched) break;\n }\n if(!patched) patchreport = join(patchids,sep:\" or \");\n}\n\nif (!patched && affectedver)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : '+version+\n '\\n Fixed version : '+version+' Patch '+patchreport+\n '\\n';\n security_warning(port:0,extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse if (!affectedver) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle E-Business', version);\nelse exit(0, 'The Oracle E-Business server ' + version + ' is not affected because patch ' + patched + ' has been applied.');\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "description": "Quarterly update closes 140 vulnerabilities in different applications.", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:56", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 153 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-09-29T00:00:00", "published": "2015-10-20T00:00:00", "id": "ORACLE:CPUOCT2015-2367953", "href": "", "title": "Oracle Critical Patch Update - October 2015", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}