Oracle E-Business Multiple Vulnerabilities (October 2016 CPU)

High Nessus Plugin ID 94164

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

A web application installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Oracle E-Business installed on the remote host is missing the October 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :

- A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)

- A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block.
An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)

- Multiple flaws exist in the OpenSSL subcomponent in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.
(CVE-2016-2107)

- Multiple unspecified flaws exist in the OpenSSL subcomponent in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)

- An out-of-bounds read error exists in the OpenSSL subcomponent in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.
(CVE-2016-2176)

- An unspecified flaw exists in the Runtime Catalog subcomponent in the iStore component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5489)

- An unspecified flaw exists in the AD Utilities subcomponent in the Applications DBA component that allows a local attacker to disclose sensitive information. (CVE-2016-5517)
- An unspecified flaw exists in the Workflow Events subcomponent in the Shipping Execution component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5532)

- An unspecified flaw exists in the Price Book subcomponent in the Advanced Pricing component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5557)

- An unspecified flaw exists in the Requisition Management subcomponent in the iProcurement component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5562)

- Multiple unspecified flaws exist in the AD Utilities subcomponent in the DBA component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE- 2016-5567, CVE-2016-5570, CVE-2016-5571)

- An unspecified flaw exists in the Resources Module subcomponent in the Common Applications Calendar component that allows an unauthenticated, remote attacker to disclose sensitive information.
(CVE-2016-5575)

- An unspecified flaw exists in the Candidate Self Service subcomponent in the iRecruitment component that allows a local attacker to gain elevated privileges.
(CVE-2016-5581)

- An unspecified flaw exists in the File Upload subcomponent in the One-to-One Fulfillment component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5583)

- An unspecified flaw exists in the Select Application Dependencies subcomponent in the Interaction Center Intelligence component that allow an unauthenticated, remote attacker to impact confidentiality and integrity.
(CVE-2016-5585)

- An unspecified flaw exists in the Dispatch/Service Call Requests subcomponent in the Email Center component that allow an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5586)

- Multiple unspecified flaws exist in the Outcome-Result subcomponent in the Customer Interaction History component that allow an unauthenticated, remote attacker to impact confidentiality and integrity.
(CVE-2016-5587, CVE-2016-5591, CVE-2016-5593)

- An unspecified flaw exists in the Responsibility Management subcomponent in the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.
(CVE-2016-5589)

- Multiple unspecified flaws exist in the Result-Reason subcomponent in the Customer Interaction History component that allow an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5592, CVE-2016-5595)

- An unspecified flaw exists in the Default Responsibility subcomponent in the CRM Technical Foundation component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5596)

Solution

Apply the appropriate patch according to the October 2016 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?bac902d5

Plugin Details

Severity: High

ID: 94164

File Name: oracle_e-business_cpu_oct_2016.nasl

Version: 1.8

Type: local

Family: Misc.

Published: 2016/10/20

Updated: 2019/11/14

Dependencies: 70177

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS Score Source: CVE-2016-5489

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:e-business_suite

Required KB Items: Oracle/E-Business/Version, Oracle/E-Business/patches/installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/10/18

Vulnerability Publication Date: 2016/04/22

Reference Information

CVE: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176, CVE-2016-5489, CVE-2016-5517, CVE-2016-5532, CVE-2016-5557, CVE-2016-5562, CVE-2016-5567, CVE-2016-5570, CVE-2016-5571, CVE-2016-5575, CVE-2016-5581, CVE-2016-5583, CVE-2016-5585, CVE-2016-5586, CVE-2016-5587, CVE-2016-5589, CVE-2016-5591, CVE-2016-5592, CVE-2016-5593, CVE-2016-5595, CVE-2016-5596

BID: 87940, 89744, 89746, 89757, 89760, 93690, 93694, 93699, 93703, 93707, 93721, 93724, 93729, 93738, 93739, 93743, 93747, 93750, 93756, 93758, 93761, 93762, 93764, 93769, 93770

EDB-ID: 39768