Oracle WebLogic Server Multiple Vulnerabilities (April 2013 CPU)

medium Nessus Plugin ID 74042

Synopsis

The remote WebLogic server is missing a security patch.

Description

The remote host has an unpatched version of WebLogic installed that is affected by multiple vulnerabilities :

- An unspecified, remote vulnerability exists in the WebLogic console. (CVE-2013-2390)

- A cross-site scripting vulnerability exists in the 'console.portal' script. (CVE-2013-1504)

Solution

Apply the April 2013 CPU.

See Also

http://www.nessus.org/u?c0f55176

Plugin Details

Severity: Medium

ID: 74042

File Name: oracle_weblogic_server_apr_2013_cpu.nbin

Version: 1.505

Type: local

Agent: windows, macosx, unix

Family: CGI abuses

Published: 5/16/2014

Updated: 12/18/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:oracle:fusion_middleware

Required KB Items: Oracle/WLS/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 4/16/2013

Vulnerability Publication Date: 4/16/2013

Reference Information

CVE: CVE-2013-1504, CVE-2013-2390

BID: 59097, 59115