The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in the Bouncy Castle Java library due to     improper validation of a point within the elliptic     curve. An unauthenticated, remote attacker can exploit     this to obtain private keys by using a series of     specially crafted elliptic curve Diffie-Hellman (ECDH)     key exchanges, also known as an 'invalid curve attack.'     (CVE-2015-7940)

  - A flaw exists in the PathTools module for Perl in the     File::Spec::canonpath() function that is triggered as     strings are returned as untainted even when passing     tainted input. An unauthenticated, remote attacker can     exploit this to pass unvalidated user input to sensitive     or insecure areas. (CVE-2015-8607)

  - An overflow condition exists in Perl in the MapPathA()     function due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition or the     execution of arbitrary code. (CVE-2015-8608)

  - A remote code execution vulnerability exists in the     Apache Struts component due to improper handling of     multithreaded access to an ActionForm instance. An     unauthenticated, remote attacker can exploit this, via a     specially crafted multipart request, to execute     arbitrary code or cause a denial of service condition.
    (CVE-2016-1181)

  - A flaw exists in Perl that is triggered during the     handling of variables that appear twice in the     environment (envp), causing the last value to appear in     %ENV, while getenv would return the first. An     unauthenticated, remote attacker can exploit this to     cause variables to be incorrectly propagated to     subprocesses, regardless of the protections offered by     taint checking. (CVE-2016-2381)

  - A denial of service vulnerability exists in the Apache     Commons FileUpload component due to improper handling of     boundaries in content-type headers when handling file     upload requests. An unauthenticated, remote attacker can     exploit this to cause processes linked against the     library to become unresponsive. (CVE-2016-3092)

  - A man-in-the-middle vulnerability exists in various     components, known as 'httpoxy', due to a failure to     properly resolve namespace conflicts in accordance with     RFC 3875 section 4.1.18. The HTTP_PROXY environment     variable is set based on untrusted user data in the     'Proxy' header of HTTP requests. The HTTP_PROXY     environment variable is used by some web client     libraries to specify a remote proxy server. An     unauthenticated, remote attacker can exploit this, via a     crafted 'Proxy' header in an HTTP request, to redirect     an application's internal HTTP traffic to an arbitrary     proxy server where it may be observed or manipulated.
    (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387,     CVE-2016-5388)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    Moreover, the attacker would additionally need online     access to an unpatched system using the target private     key in a scenario with persistent DH parameters and a     private key that is shared between multiple clients. For     example, this can occur by default in OpenSSL DHE based     SSL/TLS cipher suites. (CVE-2017-3732)

  - An unspecified flaw exists in the UI Framework component    that allows authenticated, remote attacker to have an    impact on integrity. (CVE-2017-10091)

Detections

Analytics

Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)

critical Nessus Plugin ID 101837

Version 1.9