Detections
Analytics

Oracle Business Transaction Management 'FlashTunnelService' 'WriteToFile' Message RCE

critical Nessus Plugin ID 78776

Language:

Synopsis

The remote web server hosts a Java web application that is affected by a remote code execution vulnerability.

Description

The remote web server is hosting a version of Oracle Business Transaction Management that is affected by a remote code execution vulnerability. The 'FlashTunnelService' web service does not require authentication and exposes the 'WriteToFile' function, which can allow a remote, unauthenticated attacker to write an arbitrary file containing arbitrary code to the remote host.

Note that the 'deleteFile' function is also exposed and can be used to delete arbitrary files; however, Nessus has not tested for this issue.

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/523800

Plugin Details

Severity: Critical

ID: 78776

File Name: oracle_business_transaction_management_file_write.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 10/31/2014

Updated: 2/3/2021

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vulnerability.

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:oracle:business_transaction_management

Required KB Items: installed_sw/Oracle Business Transaction Management

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 11/18/2013

Exploitable With

Metasploit (Oracle Business Transaction Management FlashTunnelService Remote Code Execution)

ExploitHub (EH-12-529)

Reference Information

BID: 54839