This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2016-02-14
Product Tuxedo Last view 2018-11-15
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:oracle:tuxedo:12.1.1:*:*:*:*:*:*:* 6
cpe:2.3:a:oracle:tuxedo:12.1.3:*:*:*:*:*:*:* 6
cpe:2.3:a:oracle:tuxedo:12.2.2:*:*:*:*:*:*:* 6
cpe:2.3:a:oracle:tuxedo:11.1.1:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:* 3
cpe:2.3:a:oracle:tuxedo:12.1.1.0:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
4.7 2018-11-15 CVE-2018-5407

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

5.9 2018-10-30 CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

5.9 2018-10-29 CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

8.6 2018-07-18 CVE-2018-3007

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

7 2017-11-14 CVE-2017-10278

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).

9.9 2017-11-14 CVE-2017-10272

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).

10 2017-11-14 CVE-2017-10269

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L).

7.5 2017-11-14 CVE-2017-10267

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

5.3 2017-11-14 CVE-2017-10266

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

5.9 2016-02-14 CVE-2015-3197

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

CWE : Common Weakness Enumeration

%idName
42% (3) CWE-200 Information Exposure
28% (2) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
14% (1) CWE-310 Cryptographic Issues
14% (1) CWE-203 Information Exposure Through Discrepancy

Snort® IPS/IDS

Date Description
2019-09-24 Oracle Tuxedo Jolt server heap overflow attempt
RuleID : 51141 - Type : SERVER-OTHER - Revision : 1
2016-04-05 SSLv2 Client Hello attempt
RuleID : 38060 - Type : POLICY-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO
2019-01-02 Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File: nessus_tns_2018_17.nasl - Type: ACT_GATHER_INFO
2019-01-02 Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File: nessus_tns_2018_16.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1434.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File: nodejs_2018_nov.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4355.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4348.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1586.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-325-01.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6f170cf2e6b711e8a9a8b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-10-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_238ae7dedba211e8b713b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0018.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: An application server installed on the remote host is affected by multiple vu...
File: oracle_tuxedo_CVE-2017-10269.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1040.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1039.nasl - Type: ACT_GATHER_INFO
2017-01-05 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10759.nasl - Type: ACT_GATHER_INFO
2016-07-14 Name: The remote Fedora host is missing a security update.
File: fedora_2016-e1234b65a2.nasl - Type: ACT_GATHER_INFO
2016-07-14 Name: The remote Fedora host is missing a security update.
File: fedora_2016-c558e58b21.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0071.nasl - Type: ACT_GATHER_INFO
2016-05-16 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0049.nasl - Type: ACT_GATHER_INFO
2016-05-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-563.nasl - Type: ACT_GATHER_INFO