The version of Oracle E-Business installed on the remote host is missing the July 2017 Oracle Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities :

  - Multiple integer overflow conditions exist in the     OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c     due to improper use of pointer arithmetic for     heap-buffer boundary checks. An unauthenticated, remote     attacker can exploit this to cause a denial of service.
    (CVE-2016-2177)

  - An information disclosure vulnerability exists in the     OpenSSL component in the dsa_sign_setup() function in     dsa_ossl.c due to a failure to properly ensure the use     of constant-time operations. An unauthenticated, remote     attacker can exploit this, via a timing side-channel     attack, to disclose DSA key information. (CVE-2016-2178)

  - A denial of service vulnerability exists in the OpennSSL     component in the DTLS implementation due to a failure to     properly restrict the lifetime of queue entries     associated with unused out-of-order messages. An     unauthenticated, remote attacker can exploit this, by     maintaining multiple crafted DTLS sessions     simultaneously, to exhaust memory. (CVE-2016-2179)

  - An out-of-bounds read error exists in the OpenSSL     component in the X.509 Public Key Infrastructure     Time-Stamp Protocol (TSP) implementation. An     unauthenticated, remote attacker can exploit this, via a     crafted time-stamp file that is mishandled by the     'openssl ts' command, to cause a denial of service or to     disclose sensitive information. (CVE-2016-2180)

  - A denial of service vulnerability exists in the OpenSSL     component in the Anti-Replay feature in the DTLS     implementation due to improper handling of epoch     sequence numbers in records. An unauthenticated, remote     attacker can exploit this, via spoofed DTLS records, to     cause legitimate packets to be dropped. (CVE-2016-2181)

  - An overflow condition exists in the OpenSSL component in     the BN_bn2dec() function in bn_print.c due to improper     validation of user-supplied input when handling BIGNUM     values. An unauthenticated, remote attacker can exploit     this to crash the process. (CVE-2016-2182)

  - A vulnerability exists, known as SWEET32, in the OpenSSL     component in the 3DES and Blowfish algorithms due to the     use of weak 64-bit block ciphers by default. A     man-in-the-middle attacker who has sufficient resources     can exploit this vulnerability, via a 'birthday' attack,     to detect a collision that leaks the XOR between the     fixed secret and a known plaintext, allowing the     disclosure of the secret text, such as secure HTTPS     cookies, and possibly resulting in the hijacking of an     authenticated session. (CVE-2016-2183)

  - A flaw exists in the OpenSSL component in the     tls_decrypt_ticket() function in t1_lib.c due to     improper handling of ticket HMAC digests. An     unauthenticated, remote attacker can exploit this, via a     ticket that is too short, to crash the process,     resulting in a denial of service. (CVE-2016-6302)

  - An integer overflow condition exists in the OpenSSL     component in the MDC2_Update() function in mdc2dgst.c     due to improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this to     cause a heap-based buffer overflow, resulting in a     denial of service condition or possibly the execution of     arbitrary code. (CVE-2016-6303)

  - A flaw exists in the OpenSSL component in the     ssl_parse_clienthello_tlsext() function in t1_lib.c due     to improper handling of overly large OCSP Status Request     extensions from clients. An unauthenticated, remote     attacker can exploit this, via large OCSP Status Request     extensions, to exhaust memory resources, resulting in a     denial of service condition. (CVE-2016-6304)

  - A flaw exists in the OpenSSL component in the SSL_peek()     function in rec_layer_s3.c due to improper handling of     empty records. An unauthenticated, remote attacker can     exploit this, by triggering a zero-length record in an     SSL_peek call, to cause an infinite loop, resulting in a     denial of service condition. (CVE-2016-6305)

  - An out-of-bounds read error exists in the OpenSSL     component in the certificate parser that allows an     unauthenticated, remote attacker to cause a denial of     service via crafted certificate operations.
    (CVE-2016-6306)

  - A denial of service vulnerability exists in the OpenSSL     component in the state-machine implementation due to a     failure to check for an excessive length before     allocating memory. An unauthenticated, remote attacker     can exploit this, via a crafted TLS message, to exhaust     memory resources. (CVE-2016-6307)

  - A denial of service vulnerability exists in the OpenSSL     component in the DTLS implementation due to improper     handling of excessively long DTLS messages. An     unauthenticated, remote attacker can exploit this, via a     crafted DTLS message, to exhaust available memory     resources. (CVE-2016-6308)

  - A remote code execution vulnerability exists in the     OpenSSL component in the read_state_machine() function     in statem.c due to improper handling of messages larger     than 16k. An unauthenticated, remote attacker can     exploit this, via a specially crafted message, to cause     a use-after-free error, resulting in a denial of service     condition or possibly the execution of arbitrary code.
    (CVE-2016-6309)

  - A denial of service vulnerability exists in the OpenSSL     component in x509_vfy.c due to improper handling of     certificate revocation lists (CRLs). An unauthenticated,     remote attacker can exploit this, via a specially     crafted CRL, to cause a NULL pointer dereference,     resulting in a crash of the service. (CVE-2016-7052)

  - An unspecified flaw exists in the AD Utilities component     that allows an authenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-3562)

  - An unspecified flaw exists in the Registration component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10112)

  - An unspecified flaw exists in the CRM User Management     Framework component that allows an unauthenticated,     remote attacker to impact confidentiality and integrity.
    (CVE-2017-10113)

  - An unspecified flaw exists in the User Management     component that allows an unauthenticated, remote     attacker to impact confidentiality and integrity.
    (CVE-2017-10130)

  - An unspecified flaw exists in the Preferences component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10143)

  - An unspecified flaw exists in the Oracle Diagnostics     component that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-10144)

  - An unspecified flaw exists in the Wireless/WAP component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10170)

  - An unspecified flaw exists in the Home Page component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10171)

  - An unspecified flaw exists in the Service Request     component that allows an unauthenticated, remote     attacker to impact confidentiality and integrity.
    (CVE-2017-10174)

  - An unspecified flaw exists in the Profiles component     that allows an authenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10175)

  - An unspecified flaw exists in the Flexfields component     that allows an authenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10177)

  - An unspecified flaw exists in the Monitoring component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10179)

  - A cross-site scripting (XSS) vulnerability exists in the     CMRO component due to improper validation of     user-supplied input to multiple parameters before     returning it to users. An unauthenticated, remote     attacker can exploit this, via a specially crafted     request, to execute arbitrary script code in a user's     browser session. (CVE-2017-10180)

  - An information disclosure vulnerability exists in the     Wireless/WAP component due to improper sanitization of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a directory traversal attack, to     disclose arbitrary files. (CVE-2017-10184)

  - A cross-site scripting (XSS) vulnerability exists in the     User Management component due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a specially crafted request, to     execute arbitrary script code in a user's browser     session. (CVE-2017-10185)

  - An information disclosure vulnerability exists in the     User and Company Profile component due to improper     sanitization of user-supplied input. An unauthenticated,     remote attacker can exploit this, via a directory     traversal attack, to disclose arbitrary files.
    (CVE-2017-10186)

  - A cross-site scripting (XSS) vulnerability exists in the     Web Analytics component due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a specially crafted request, to     execute arbitrary script code in a user's browser     session. (CVE-2017-10191)

  - An information disclosure vulnerability exists in the     Shopping Cart component due to improper sanitization of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a directory traversal attack, to     disclose arbitrary files. (CVE-2017-10192)

  - An information disclosure vulnerability exists in the     Attachments component that allows an unauthenticated,     remote attacker to disclose any document stored on the     system. (CVE-2017-10244)

  - An information disclosure vulnerability exists in the     Account Hierarchy Manager component that allows an     unauthenticated, remote attacker to disclose sensitive     information in the DBC configuration file.
    (CVE-2017-10245)

  - An unspecified flaw exists in the iHelp component that     allows an unauthenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10246)

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues :

  - Nodejs embedded openssl version update

  + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183,     CVE-2016-2178, CVE-2016-6306, CVE-2016-7052)

  + remove support for dynamic 3rd party engine modules

- http: Properly validate for allowable characters in input user data.
This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here.
  (CVE-2016-5325, bsc#985201)

  - tls: properly validate wildcard certificates     (CVE-2016-7099, bsc#1001652)

  - buffer: Zero-fill excess bytes in new Buffer objects     created with Buffer.concat()

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Oracle Access Manager installed on the remote host is 10.1.4.3.x prior to 10.1.4.3.13 or 11.1.2.3.x prior to 11.1.2.3.180116. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory:

  - A Vulnerability in the Oracle Access Manager component     of Oracle Fusion Middleware (subcomponent: Web Server     Plugin (OpenSSL)). The affected version is 10.1.4.3.0.     This is a difficult to exploit vulnerability that allows     unauthenticated attacker with network access via HTTPS     to compromise Oracle Access Manager. A successful attack     of this vulnerability may result in unauthorized access     to critical data or complete access to all Oracle Access     Manager accessible data. (CVE-2017-3732)

  - A vulnerability in the Oracle Access Manager component     of Oracle Fusion Middleware (subcomponent: Web Server     Plugin). The affected version is 11.1.2.3.0. This is a     difficult to exploit vulnerability that allows an     unauthenticated attacker with network access via HTTPS     to compromise Oracle Access Manager. A successful     attack of this vulnerability may result in unauthorized     access to critical data or complete access to all Oracle     Access Manager accessible data. (CVE-2017-10262)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for openssl fixes the following issues :

OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)

Severity: High

  - OCSP Status Request extension unbounded memory growth     (CVE-2016-6304) (bsc#999666)

Severity: Low

  - Pointer arithmetic undefined behaviour (CVE-2016-2177)     (bsc#982575)

  - Constant time flag not preserved in DSA signing     (CVE-2016-2178) (bsc#983249)

  - DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)

  - OOB read in TS_OBJ_print_bio() (CVE-2016-2180)     (bsc#990419)

  - DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)

  - OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)

  - Birthday attack against 64-bit block ciphers (SWEET32)     (CVE-2016-2183) (bsc#995359)

  - Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)

  - OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)

  - Certificate message OOB reads (CVE-2016-6306)     (bsc#999668)

More information can be found on:
https://www.openssl.org/news/secadv/20160922.txt

Also following bugs were fixed :

  - update expired S/MIME certs (bsc#979475)

  - improve s390x performance (bsc#982745)

  - allow >= 64GB AESGCM transfers (bsc#988591)

  - fix crash in print_notice (bsc#998190)

  - resume reading from /dev/urandom when interrupted by a     signal (bsc#995075)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High

  - OCSP Status Request extension unbounded memory growth     (CVE-2016-6304) (bsc#999666) Severity: Low

  - Pointer arithmetic undefined behavior (CVE-2016-2177)     (bsc#982575)

  - Constant time flag not preserved in DSA signing     (CVE-2016-2178) (bsc#983249)

  - DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)

  - DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)

  - OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)

  - Birthday attack against 64-bit block ciphers (SWEET32)     (CVE-2016-2183) (bsc#995359)

  - Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)

  - OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)

  - Certificate message OOB reads (CVE-2016-6306)     (bsc#999668) More information can be found on:
    https://www.openssl.org/news/secadv/20160922.txt Bugs     fixed :

  - Update expired S/MIME certs (bsc#979475)

  - Fix crash in print_notice (bsc#998190)

  - Resume reading from /dev/urandom when interrupted by a     signal (bsc#995075)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote OracleVM system is missing necessary patches to address critical security updates :

  - fix CVE-2016-2177 - possible integer overflow

  - fix CVE-2016-2178 - non-constant time DSA operations

  - fix CVE-2016-2182 - possible buffer overflow in     BN_bn2dec

  - fix CVE-2016-6306 - certificate message OOB reads

  - mitigate CVE-2016-2183 - degrade all 64bit block ciphers     and RC4 to 112 bit effective strength

According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.3.x prior to 3.3.1.1112.
It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL :

  - Multiple integer overflow conditions exist in s3_srvr.c,     ssl_sess.c, and t1_lib.c due to improper use of pointer     arithmetic for heap-buffer boundary checks. An     unauthenticated, remote attacker can exploit this to     cause a denial of service. (CVE-2016-2177)

  - An information disclosure vulnerability exists in the     dsa_sign_setup() function in dsa_ossl.c due to a failure     to properly ensure the use of constant-time operations.
    An unauthenticated, remote attacker can exploit this,     via a timing side-channel attack, to disclose DSA key     information. (CVE-2016-2178)

  - A denial of service vulnerability exists in the DTLS     implementation due to a failure to properly restrict the     lifetime of queue entries associated with unused     out-of-order messages. An unauthenticated, remote     attacker can exploit this, by maintaining multiple     crafted DTLS sessions simultaneously, to exhaust memory.
    (CVE-2016-2179)

  - An out-of-bounds read error exists in the X.509 Public     Key Infrastructure Time-Stamp Protocol (TSP)     implementation. An unauthenticated, remote attacker can     exploit this, via a crafted time-stamp file that is     mishandled by the 'openssl ts' command, to cause     denial of service or to disclose sensitive information.
    (CVE-2016-2180)

  - A denial of service vulnerability exists in the     Anti-Replay feature in the DTLS implementation due to     improper handling of epoch sequence numbers in records.
    An unauthenticated, remote attacker can exploit this,     via spoofed DTLS records, to cause legitimate packets to     be dropped. (CVE-2016-2181)

  - An overflow condition exists in the BN_bn2dec() function     in bn_print.c due to improper validation of     user-supplied input when handling BIGNUM values. An     unauthenticated, remote attacker can exploit this to     crash the process. (CVE-2016-2182)

  - A vulnerability exists, known as SWEET32, in the 3DES     and Blowfish algorithms due to the use of weak 64-bit     block ciphers by default. A man-in-the-middle attacker     who has sufficient resources can exploit this     vulnerability, via a 'birthday' attack, to detect a     collision that leaks the XOR between the fixed secret     and a known plaintext, allowing the disclosure of the     secret text, such as secure HTTPS cookies, and possibly     resulting in the hijacking of an authenticated session.
    (CVE-2016-2183)

  - A flaw exists in the tls_decrypt_ticket() function in     t1_lib.c due to improper handling of ticket HMAC     digests. An unauthenticated, remote attacker can exploit     this, via a ticket that is too short, to crash the     process, resulting in a denial of service.
    (CVE-2016-6302)

  - An integer overflow condition exists in the     MDC2_Update() function in mdc2dgst.c due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this to cause a heap-based     buffer overflow, resulting in a denial of service     condition or possibly the execution of arbitrary code.
    (CVE-2016-6303)

  - A denial of service vulnerability exists in the     ssl_parse_clienthello_tlsext() function in t1_lib.c due     to improper handling of overly large OCSP Status Request     extensions from clients. An unauthenticated, remote     attacker can exploit this, via large OCSP Status Request     extensions, to exhaust memory resources. (CVE-2016-6304)

  - An out-of-bounds read error exists in the certificate     parser that allows an unauthenticated, remote attacker     to cause a denial of service via crafted certificate     operations. (CVE-2016-6306)

ID	Name	Product	Family	Published	Updated	Severity
101845	Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)	Nessus	Misc.	7/20/2017	4/11/2022	critical
119982	SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)	Nessus	SuSE Local Security Checks	1/2/2019	1/27/2022	high
124059	Oracle Access Manager Multiple Vulnerabilities (Jan 2018 CPU)	Nessus	Misc.	4/15/2019	4/11/2022	critical
93783	openSUSE Security Update : openssl (openSUSE-2016-1134)	Nessus	SuSE Local Security Checks	9/28/2016	1/23/2026	critical
93893	SUSE SLES11 Security Update : openssl (SUSE-SU-2016:2458-1)	Nessus	SuSE Local Security Checks	10/6/2016	1/22/2026	critical
94095	OracleVM 3.2 : openssl (OVMSA-2016-0141)	Nessus	OracleVM Local Security Checks	10/17/2016	1/21/2026	critical
96771	MySQL Enterprise Monitor 3.3.x < 3.3.1.1112 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)	Nessus	CGI abuses	1/25/2017	11/13/2019	critical

Detections

Analytics

Plugins Search

critical

high

critical

critical

critical

critical

critical