SB2019011573 - Multiple vulnerabilities in Oracle Enterprise Repository

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019011573

SB2019011573 - Multiple vulnerabilities in Oracle Enterprise Repository

Published: January 15, 2019

Security Bulletin ID SB2019011573
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper validation of certificate with host mismatch (CVE-ID: CVE-2018-11775)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to the Apache ActiveMQ Client does not validate hostname when using SSL/TLS protocol to connect to the Apache ActiveMQ server. A remote attacker can perform a Man-in-the-Middle (MitM) attack and intercept all traffic between Java client and ActiveMQ server.


2) Improper input validation (CVE-ID: CVE-2018-1000180)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the IDIH Visualization (Bouncy Castle Java Library) component in Oracle Communications Diameter Signaling Router (DSR). A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


Remediation

Install update from vendor's website.

References