Oracle WebLogic Unsupported Version Detection

critical Nessus Plugin ID 109345

Synopsis

The remote host is running an unsupported version of a WebLogic server.

Description

According to its version, the installation of Oracle WebLogic running on the remote host is no longer supported per:

- Error Correction Support Dates for Oracle WebLogic Server (Doc ID 950131.1)

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Solution

Upgrade to a version of Oracle WebLogic that is currently supported.

See Also

https://support.oracle.com/knowledge/Middleware/950131_1.html

https://support.oracle.com/knowledge/Middleware/944866_1.html

Plugin Details

Severity: Critical

ID: 109345

File Name: oracle_weblogic_unsupported.nasl

Version: 1.28

Type: combined

Agent: windows, macosx, unix

Family: Misc.

Published: 4/26/2018

Updated: 2/23/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Tenable score for unsupported products.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:oracle:fusion_middleware, cpe:/a:oracle:weblogic_server

Reference Information

IAVA: 0001-A-0578