Multiple vulnerabilities in Oracle WebLogic Server



Published: 2022-10-20 | Updated: 2022-11-28
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2021-29425
CVE-2022-21616
CVE-2022-22968
CVE-2020-17521
CVE-2022-22971
CVE-2022-23437
CVE-2020-28052
CWE-ID CWE-22
CWE-125
CWE-254
CWE-276
CWE-20
CWE-835
CWE-1025
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #7 is available.
Vulnerable software
Subscribe
Oracle WebLogic Server
Server applications / Application servers

Vendor Oracle

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU52252

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-29425

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error within the FileNameUtils.normalize method when processing directory traversal sequences, such as "//../foo", or "\..foo". A remote attacker can send a specially crafted request and verify files availability in the parent folder.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle WebLogic Server: 12.2.1.3.0 - 14.1.1.0.0


CPE2.3 External links

http://www.oracle.com/security-alerts/cpuoct2022.html?3219

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper input validation

EUVDB-ID: #VU68536

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21616

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Web Container component in Oracle WebLogic Server. A local privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle WebLogic Server: 12.2.1.3.0 - 14.1.1.0.0


CPE2.3 External links

http://www.oracle.com/security-alerts/cpuoct2022.html?3219

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Security features bypass

EUVDB-ID: #VU62314

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-22968

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. A remote attacker can bypass implemented security restrictions by passing case sensitive data to the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle WebLogic Server: 12.2.1.4.0 - 14.1.1.0.0


CPE2.3 External links

http://www.oracle.com/security-alerts/cpuoct2022.html?3219

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Incorrect default permissions

EUVDB-ID: #VU48792

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-17521

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for temporary files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle WebLogic Server: 12.2.1.3.0 - 12.2.1.4.0


CPE2.3 External links

http://www.oracle.com/security-alerts/cpuoct2022.html?3219

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Input validation error

EUVDB-ID: #VU63085

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-22971

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Spring application with a STOMP over WebSocket endpoint. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle WebLogic Server: 12.2.1.3.0 - 14.1.1.0.0


CPE2.3 External links

http://www.oracle.com/security-alerts/cpuoct2022.html?3219

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Infinite loop

EUVDB-ID: #VU59965

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-23437

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when parsing XML documents. A remote attacker can supply a specially crafted XML document, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle WebLogic Server: 12.2.1.3.0 - 14.1.1.0.0


CPE2.3 External links

http://www.oracle.com/security-alerts/cpuoct2022.html?3219

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Comparison using wrong factors

EUVDB-ID: #VU49086

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-28052

CWE-ID: CWE-1025 - Comparison using wrong factors

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to brute-force password hashes.

The vulnerability exists due to comparison error in OpenBSDBCrypt.checkPassword() function in core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java when matching passwords with hashes. A remote attacker can pass an incorrect password that will be accepted as a valid one by the library, bypass authentication process and gain unauthorized access to the application that uses vulnerable version of Bouncy Castle.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle WebLogic Server: 12.2.1.3.0 - 14.1.1.0.0


CPE2.3 External links

http://www.oracle.com/security-alerts/cpuoct2022.html?3219

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###