The version of Oracle Access Manager installed on the remote host is 10.1.4.3.x prior to 10.1.4.3.13 or 11.1.2.3.x prior to 11.1.2.3.180116. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory:

  - A Vulnerability in the Oracle Access Manager component     of Oracle Fusion Middleware (subcomponent: Web Server     Plugin (OpenSSL)). The affected version is 10.1.4.3.0.     This is a difficult to exploit vulnerability that allows     unauthenticated attacker with network access via HTTPS     to compromise Oracle Access Manager. A successful attack     of this vulnerability may result in unauthorized access     to critical data or complete access to all Oracle Access     Manager accessible data. (CVE-2017-3732)

  - A vulnerability in the Oracle Access Manager component     of Oracle Fusion Middleware (subcomponent: Web Server     Plugin). The affected version is 11.1.2.3.0. This is a     difficult to exploit vulnerability that allows an     unauthenticated attacker with network access via HTTPS     to compromise Oracle Access Manager. A successful     attack of this vulnerability may result in unauthorized     access to critical data or complete access to all Oracle     Access Manager accessible data. (CVE-2017-10262)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle E-Business installed on the remote host is missing the July 2017 Oracle Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities :

  - Multiple integer overflow conditions exist in the     OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c     due to improper use of pointer arithmetic for     heap-buffer boundary checks. An unauthenticated, remote     attacker can exploit this to cause a denial of service.
    (CVE-2016-2177)

  - An information disclosure vulnerability exists in the     OpenSSL component in the dsa_sign_setup() function in     dsa_ossl.c due to a failure to properly ensure the use     of constant-time operations. An unauthenticated, remote     attacker can exploit this, via a timing side-channel     attack, to disclose DSA key information. (CVE-2016-2178)

  - A denial of service vulnerability exists in the OpennSSL     component in the DTLS implementation due to a failure to     properly restrict the lifetime of queue entries     associated with unused out-of-order messages. An     unauthenticated, remote attacker can exploit this, by     maintaining multiple crafted DTLS sessions     simultaneously, to exhaust memory. (CVE-2016-2179)

  - An out-of-bounds read error exists in the OpenSSL     component in the X.509 Public Key Infrastructure     Time-Stamp Protocol (TSP) implementation. An     unauthenticated, remote attacker can exploit this, via a     crafted time-stamp file that is mishandled by the     'openssl ts' command, to cause a denial of service or to     disclose sensitive information. (CVE-2016-2180)

  - A denial of service vulnerability exists in the OpenSSL     component in the Anti-Replay feature in the DTLS     implementation due to improper handling of epoch     sequence numbers in records. An unauthenticated, remote     attacker can exploit this, via spoofed DTLS records, to     cause legitimate packets to be dropped. (CVE-2016-2181)

  - An overflow condition exists in the OpenSSL component in     the BN_bn2dec() function in bn_print.c due to improper     validation of user-supplied input when handling BIGNUM     values. An unauthenticated, remote attacker can exploit     this to crash the process. (CVE-2016-2182)

  - A vulnerability exists, known as SWEET32, in the OpenSSL     component in the 3DES and Blowfish algorithms due to the     use of weak 64-bit block ciphers by default. A     man-in-the-middle attacker who has sufficient resources     can exploit this vulnerability, via a 'birthday' attack,     to detect a collision that leaks the XOR between the     fixed secret and a known plaintext, allowing the     disclosure of the secret text, such as secure HTTPS     cookies, and possibly resulting in the hijacking of an     authenticated session. (CVE-2016-2183)

  - A flaw exists in the OpenSSL component in the     tls_decrypt_ticket() function in t1_lib.c due to     improper handling of ticket HMAC digests. An     unauthenticated, remote attacker can exploit this, via a     ticket that is too short, to crash the process,     resulting in a denial of service. (CVE-2016-6302)

  - An integer overflow condition exists in the OpenSSL     component in the MDC2_Update() function in mdc2dgst.c     due to improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this to     cause a heap-based buffer overflow, resulting in a     denial of service condition or possibly the execution of     arbitrary code. (CVE-2016-6303)

  - A flaw exists in the OpenSSL component in the     ssl_parse_clienthello_tlsext() function in t1_lib.c due     to improper handling of overly large OCSP Status Request     extensions from clients. An unauthenticated, remote     attacker can exploit this, via large OCSP Status Request     extensions, to exhaust memory resources, resulting in a     denial of service condition. (CVE-2016-6304)

  - A flaw exists in the OpenSSL component in the SSL_peek()     function in rec_layer_s3.c due to improper handling of     empty records. An unauthenticated, remote attacker can     exploit this, by triggering a zero-length record in an     SSL_peek call, to cause an infinite loop, resulting in a     denial of service condition. (CVE-2016-6305)

  - An out-of-bounds read error exists in the OpenSSL     component in the certificate parser that allows an     unauthenticated, remote attacker to cause a denial of     service via crafted certificate operations.
    (CVE-2016-6306)

  - A denial of service vulnerability exists in the OpenSSL     component in the state-machine implementation due to a     failure to check for an excessive length before     allocating memory. An unauthenticated, remote attacker     can exploit this, via a crafted TLS message, to exhaust     memory resources. (CVE-2016-6307)

  - A denial of service vulnerability exists in the OpenSSL     component in the DTLS implementation due to improper     handling of excessively long DTLS messages. An     unauthenticated, remote attacker can exploit this, via a     crafted DTLS message, to exhaust available memory     resources. (CVE-2016-6308)

  - A remote code execution vulnerability exists in the     OpenSSL component in the read_state_machine() function     in statem.c due to improper handling of messages larger     than 16k. An unauthenticated, remote attacker can     exploit this, via a specially crafted message, to cause     a use-after-free error, resulting in a denial of service     condition or possibly the execution of arbitrary code.
    (CVE-2016-6309)

  - A denial of service vulnerability exists in the OpenSSL     component in x509_vfy.c due to improper handling of     certificate revocation lists (CRLs). An unauthenticated,     remote attacker can exploit this, via a specially     crafted CRL, to cause a NULL pointer dereference,     resulting in a crash of the service. (CVE-2016-7052)

  - An unspecified flaw exists in the AD Utilities component     that allows an authenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-3562)

  - An unspecified flaw exists in the Registration component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10112)

  - An unspecified flaw exists in the CRM User Management     Framework component that allows an unauthenticated,     remote attacker to impact confidentiality and integrity.
    (CVE-2017-10113)

  - An unspecified flaw exists in the User Management     component that allows an unauthenticated, remote     attacker to impact confidentiality and integrity.
    (CVE-2017-10130)

  - An unspecified flaw exists in the Preferences component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10143)

  - An unspecified flaw exists in the Oracle Diagnostics     component that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-10144)

  - An unspecified flaw exists in the Wireless/WAP component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10170)

  - An unspecified flaw exists in the Home Page component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10171)

  - An unspecified flaw exists in the Service Request     component that allows an unauthenticated, remote     attacker to impact confidentiality and integrity.
    (CVE-2017-10174)

  - An unspecified flaw exists in the Profiles component     that allows an authenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10175)

  - An unspecified flaw exists in the Flexfields component     that allows an authenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10177)

  - An unspecified flaw exists in the Monitoring component     that allows an unauthenticated, remote attacker to     impact confidentiality and integrity. (CVE-2017-10179)

  - A cross-site scripting (XSS) vulnerability exists in the     CMRO component due to improper validation of     user-supplied input to multiple parameters before     returning it to users. An unauthenticated, remote     attacker can exploit this, via a specially crafted     request, to execute arbitrary script code in a user's     browser session. (CVE-2017-10180)

  - An information disclosure vulnerability exists in the     Wireless/WAP component due to improper sanitization of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a directory traversal attack, to     disclose arbitrary files. (CVE-2017-10184)

  - A cross-site scripting (XSS) vulnerability exists in the     User Management component due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a specially crafted request, to     execute arbitrary script code in a user's browser     session. (CVE-2017-10185)

  - An information disclosure vulnerability exists in the     User and Company Profile component due to improper     sanitization of user-supplied input. An unauthenticated,     remote attacker can exploit this, via a directory     traversal attack, to disclose arbitrary files.
    (CVE-2017-10186)

  - A cross-site scripting (XSS) vulnerability exists in the     Web Analytics component due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a specially crafted request, to     execute arbitrary script code in a user's browser     session. (CVE-2017-10191)

  - An information disclosure vulnerability exists in the     Shopping Cart component due to improper sanitization of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a directory traversal attack, to     disclose arbitrary files. (CVE-2017-10192)

  - An information disclosure vulnerability exists in the     Attachments component that allows an unauthenticated,     remote attacker to disclose any document stored on the     system. (CVE-2017-10244)

  - An information disclosure vulnerability exists in the     Account Hierarchy Manager component that allows an     unauthenticated, remote attacker to disclose sensitive     information in the DBC configuration file.
    (CVE-2017-10245)

  - An unspecified flaw exists in the iHelp component that     allows an unauthenticated, remote attacker to impact     confidentiality and integrity. (CVE-2017-10246)

Update from upstream with multiple security issues fixed.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in OpenSSL :

CVE-2016-2177

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithme tic/

CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS.

CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303

Shi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec() and MDC2_Update().

CVE-2016-2183

DES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack.

CVE-2016-6302

Shi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service.

CVE-2016-6304

Shi Lei discovered that excessively large OCSP status request may result in denial of service via memory exhaustion.

CVE-2016-6306

Shi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service.

For Debian 7 'Wheezy', these problems have been fixed in version 1.0.1t-1+deb7u1.

We recommend that you upgrade your openssl and libssl1.0.0 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High

  - OCSP Status Request extension unbounded memory growth     (CVE-2016-6304) (bsc#999666) Severity: Low

  - Pointer arithmetic undefined behavior (CVE-2016-2177)     (bsc#982575)

  - Constant time flag not preserved in DSA signing     (CVE-2016-2178) (bsc#983249)

  - DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)

  - DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)

  - OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)

  - Birthday attack against 64-bit block ciphers (SWEET32)     (CVE-2016-2183) (bsc#995359)

  - Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)

  - OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)

  - Certificate message OOB reads (CVE-2016-6306)     (bsc#999668) More information can be found on:
    https://www.openssl.org/news/secadv/20160922.txt Bugs     fixed :

  - Update expired S/MIME certs (bsc#979475)

  - Fix crash in print_notice (bsc#998190)

  - Resume reading from /dev/urandom when interrupted by a     signal (bsc#995075)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - OpenSSL through 1.0.2h incorrectly uses pointer     arithmetic for heap-buffer boundary checks, which might     allow remote attackers to cause a denial of service     (integer overflow and application crash) or possibly     have unspecified other impact by leveraging unexpected     malloc behavior, related to s3_srvr.c, ssl_sess.c, and     t1_lib.c.(CVE-2016-2177)

  - The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in     OpenSSL through 1.0.2h does not properly ensure the use     of constant-time operations, which makes it easier for     local users to discover a DSA private key via a timing     side-channel attack.(CVE-2016-2178)

  - The DTLS implementation in OpenSSL before 1.1.0 does     not properly restrict the lifetime of queue entries     associated with unused out-of-order messages, which     allows remote attackers to cause a denial of service     (memory consumption) by maintaining many crafted DTLS     sessions simultaneously, related to d1_lib.c,     statem_dtls.c, statem_lib.c, and     statem_srvr.c.(CVE-2016-2179)

  - The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in     the X.509 Public Key Infrastructure Time-Stamp Protocol     (TSP) implementation in OpenSSL through 1.0.2h allows     remote attackers to cause a denial of service     (out-of-bounds read and application crash) via a     crafted time-stamp file that is mishandled by the     'openssl ts' command.(CVE-2016-2180)

  - The Anti-Replay feature in the DTLS implementation in     OpenSSL before 1.1.0 mishandles early use of a new     epoch number in conjunction with a large sequence     number, which allows remote attackers to cause a denial     of service (false-positive packet drops) via spoofed     DTLS records, related to rec_layer_d1.c and     ssl3_record.c.(CVE-2016-2181)

  - The BN_bn2dec function in crypto/bn/bn_print.c in     OpenSSL before 1.1.0 does not properly validate     division results, which allows remote attackers to     cause a denial of service (out-of-bounds write and     application crash) or possibly have unspecified other     impact via unknown vectors.(CVE-2016-2182)

  - The tls_decrypt_ticket function in ssl/t1_lib.c in     OpenSSL before 1.1.0 does not consider the HMAC size     during validation of the ticket length, which allows     remote attackers to cause a denial of service via a     ticket that is too short.(CVE-2016-6302)

  - Multiple memory leaks in t1_lib.c in OpenSSL before     1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a     allow remote attackers to cause a denial of service     (memory consumption) via large OCSP Status Request     extensions.(CVE-2016-6304)

  - The certificate parser in OpenSSL before 1.0.1u and     1.0.2 before 1.0.2i might allow remote attackers to     cause a denial of service (out-of-bounds read) via     crafted certificate operations, related to s3_clnt.c     and s3_srvr.c.(CVE-2016-6306)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues :

  - Nodejs embedded openssl version update

  + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183,     CVE-2016-2178, CVE-2016-6306, CVE-2016-7052)

  + remove support for dynamic 3rd party engine modules

- http: Properly validate for allowable characters in input user data.
This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here.
  (CVE-2016-5325, bsc#985201)

  - tls: properly validate wildcard certificates     (CVE-2016-7099, bsc#1001652)

  - buffer: Zero-fill excess bytes in new Buffer objects     created with Buffer.concat()

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
124059	Oracle Access Manager Multiple Vulnerabilities (Jan 2018 CPU)	Nessus	Misc.	4/15/2019	4/11/2022	critical
101845	Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)	Nessus	Misc.	7/20/2017	4/11/2022	critical
93978	Fedora 23 : 1:openssl (2016-97454404fe)	Nessus	Fedora Local Security Checks	10/12/2016	1/22/2026	critical
93690	Debian DLA-637-1 : openssl security update	Nessus	Debian Local Security Checks	9/26/2016	1/23/2026	critical
93893	SUSE SLES11 Security Update : openssl (SUSE-SU-2016:2458-1)	Nessus	SuSE Local Security Checks	10/6/2016	1/22/2026	critical
99810	EulerOS 2.0 SP1 : openssl (EulerOS-SA-2016-1047)	Nessus	Huawei Local Security Checks	5/1/2017	12/22/2025	critical
119982	SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)	Nessus	SuSE Local Security Checks	1/2/2019	1/27/2022	high

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

high