Test Kennung:	1.3.6.1.4.1.25623.1.0.811244
Kategorie:	Web Servers
Titel:	Oracle WebLogic Server Multiple Vulnerabilities (cpujul2017-3236622)
Zusammenfassung:	Oracle WebLogic Server is prone to multiple vulnerabilities.
Beschreibung:	Summary: Oracle WebLogic Server is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to some unspecified errors in the 'Sample apps (Struts 2)', 'Core Components', 'Web Container', 'WLST' 'Web Services', 'WLS-WebServices' and 'WLS Security' components of application. Vulnerability Impact: Successful exploitation will allow attackers to have an impact on confidentiality, integrity and availability. Affected Software/OS: Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Solution: See the referenced advisories for a solution. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 96729 BugTraq ID: 99651 BugTraq ID: 99644 BugTraq ID: 78027 BugTraq ID: 99652 BugTraq ID: 99653 BugTraq ID: 101304 BugTraq ID: 101392 Common Vulnerability Exposure (CVE) ID: CVE-2017-5638 http://www.securityfocus.com/bid/96729 CERT/CC vulnerability note: VU#834067 https://www.kb.cert.org/vuls/id/834067 https://exploit-db.com/exploits/41570 https://www.exploit-db.com/exploits/41614/ http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/ http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/ https://github.com/mazen160/struts-pwn https://github.com/rapid7/metasploit-framework/issues/8064 https://isc.sans.edu/diary/22169 https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt https://twitter.com/theog150/status/841146956135124993 https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/ https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E http://www.securitytracker.com/id/1037973 Common Vulnerability Exposure (CVE) ID: CVE-2013-2027 http://www.mandriva.com/security/advisories?name=MDVSA-2015:158 https://bugzilla.redhat.com/show_bug.cgi?id=947949 SuSE Security Announcement: openSUSE-SU-2015:0269 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.