Detections
Analytics
Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)
critical Nessus Plugin ID 126788
Language:
Synopsis
An application installed on the remote host is affected by multiple vulnerabilities.Description
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities:- A deserialization vulnerability exists in Apache Commons FileUpload library. An unauthenticated, remote attacker can exploit this, via customized Java serialised object, to execute arbitrary code on the target host.
(CVE-2016-1000031)
- An unspecified vulnerability in the Load Testing for Web Apps component of Oracle Application Testing Suite, which could allow an unauthenticated, remote attacker to read, update, or delete Oracle Application Testing Suite accessible data and gives an ability to cause a partial denial of service (partial DOS). (CVE-2019-2727)
Solution
Apply the appropriate patch according to the July 2019 Oracle Critical Patch Update advisory.See Also
Plugin Details
Severity: Critical
ID: 126788
File Name: oracle_oats_cpu_jul_2019.nasl
Version: 1.6
Type: local
Agent: windows, macosx, unix
Family: Misc.
Published: 7/19/2019
Updated: 12/6/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2019-2727
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2016-1000031
Vulnerability Information
CPE: cpe:/a:oracle:application_testing_suite
Required KB Items: installed_sw/Oracle Application Testing Suite
Exploit Ease: No known exploits are available
Patch Publication Date: 7/16/2019
Vulnerability Publication Date: 7/16/2019
Reference Information
CVE: CVE-2016-1000031, CVE-2019-2727
TRA: TRA-2016-12