SB20190115113 - Multiple vulnerabilities in Oracle Communications Services Gatekeeper

Published: January 15, 2019

Security Bulletin ID: SB20190115113
Severity: Critical
Patch available: Yes
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical: 1 (33%), High: 1 (33%), Low: 1 (33%)

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Missing authorization (CVE-ID: CVE-2018-1258)

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists in the Spring Framework when it is used together with Spring Security and method security (authorization checks declared on service methods, for example with @PreAuthorize) is enabled: the method-level authorization decision is not enforced correctly. A remote attacker can submit a specially crafted request, bypass the authorization check and invoke methods that should be restricted to authorized users. Upstream, the issue affects Spring Framework 5.0.5 and was fixed in 5.0.6.

2) Arbitrary file upload (CVE-ID: CVE-2018-9206)

The vulnerability allows a remote unauthenticated attacker to compromise the vulnerable system.

The vulnerability exists in the server-side PHP upload handler shipped with the jQuery File Upload plugin (blueimp jQuery-File-Upload up to 9.22.0; fixed upstream in 9.22.1). The handler accepts files of any type and relied on a .htaccess file in its upload directory to stop the web server from executing what was uploaded. Because Apache 2.3.9 and later ignore .htaccess files by default (AllowOverride None), that protection is silently lost on current servers. A remote unauthenticated attacker can upload arbitrary files, including PHP backdoors and web shells, into the upload folder and then execute them by requesting them over HTTP.

Note: the vulnerability has been actively exploited in the wild for at least 3 years.
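The hardening a server-side upload handler should apply regardless of how the web server is configured, as an added example in Python (not code from the plugin, from Oracle or from this bulletin): allowlist by extension, check the content signature, reject any executable or configuration-file token anywhere in the name, store outside the document root, and let the server, not the client, choose the stored filename. The allowed extensions, magic numbers and token list are assumptions made for illustration.

```python
import os
import secrets

# Assumed for illustration: the only file types this application needs to accept.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Content signatures for the allowed types, so "cover.jpg" containing PHP is rejected.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Tokens a web server may treat as executable code or as configuration. They are
# rejected anywhere in the name, not only at the end, because Apache's mod_mime
# considers every dotted component a possible handler ("shell.php.jpg").
# Assumed list; extend it for the handlers enabled on the target server.
DANGEROUS_TOKENS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps",
    "htaccess", "htpasswd", "cgi", "pl", "py", "sh", "jsp", "asp", "aspx",
}


class UploadRejected(ValueError):
    """Raised with a human-readable reason when an upload fails validation."""


def safe_filename(client_name: str, content: bytes) -> str:
    """Validate an upload and return a server-chosen name for storing it.

    The client-supplied name is used only to determine the claimed type; it is
    never used as the stored name, which removes path traversal, collisions and
    attacker-controlled extensions in one step.
    """
    # Drop any directory component the client sent (../, C:\, ...).
    base = os.path.basename(client_name.replace("\\", "/")).strip()
    if not base or base.startswith("."):
        # Also blocks ".htaccess", which would redefine the directory's handlers.
        raise UploadRejected("missing or hidden filename")

    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        raise UploadRejected("no extension")
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext}")
    if any(p in DANGEROUS_TOKENS for p in parts[:-1]):
        raise UploadRejected("executable or config token embedded in name")
    if not any(content.startswith(m) for m in MAGIC[ext]):
        raise UploadRejected("content does not match claimed type")

    # Random, server-chosen name: the attacker controls neither name nor extension.
    return f"{secrets.token_hex(16)}.{ext}"


def check_upload(client_name: str, content: bytes):
    """Convenience wrapper returning (accepted, stored_name_or_reason)."""
    try:
        return True, safe_filename(client_name, content)
    except UploadRejected as exc:
        return False, str(exc)


def store_upload(upload_dir: str, client_name: str, content: bytes) -> str:
    """Write a validated upload into upload_dir, which must live outside the
    document root so the web server can never execute what is stored there."""
    name = safe_filename(client_name, content)
    path = os.path.join(upload_dir, name)
    # O_EXCL: fail rather than overwrite an existing file; 0o600: not world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path
```

The point of the layered checks is that none of them depends on the web server: even if AllowOverride, a handler mapping or the document root changes later, a stored file still has a server-chosen name, an allowlisted extension, a matching signature and a location the server does not serve.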

3) Deserialization of untrusted data (CVE-ID: CVE-2016-1000031)

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists in the DiskFileItem class of the Apache Commons FileUpload library, which deserializes untrusted data: an attacker-supplied serialized DiskFileItem object is reconstructed with attacker-controlled fields, which lets the attacker write files to arbitrary locations on the server and, from there, execute arbitrary code under the context of the current process. Upstream, the issue was fixed in Commons FileUpload 1.3.3, which refuses to deserialize DiskFileItem unless that behaviour is explicitly re-enabled.

Successful exploitation of the vulnerability may result in complete system compromise.
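A check a defender can run on captured request bodies while the patch is rolled out, as an added example in Python (not part of this bulletin and not Oracle or Apache code): it recognises the Java serialization stream header and pulls class names out of TC_CLASSDESC records, so a stream that names org.apache.commons.fileupload.disk.DiskFileItem, the class this vulnerability lives in, is flagged before it reaches ObjectInputStream. The blocklist and the sample streams are constructed for illustration, and the class-name scan is a heuristic over the stream grammar rather than a full parser.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed"      # java.io.ObjectStreamConstants.STREAM_MAGIC
STREAM_VERSION = b"\x00\x05"    # STREAM_VERSION
TC_OBJECT = 0x73
TC_CLASSDESC = 0x72

# Classes that must never arrive in an inbound stream. Only the FileUpload entry
# comes from this bulletin; a real deployment would extend the list (assumption).
BLOCKLIST = {"org.apache.commons.fileupload.disk.DiskFileItem"}

# A TC_CLASSDESC record begins with the class name as modified UTF-8: a 2-byte
# big-endian length followed by the name. Array names start with '[' and are
# deliberately not matched; plain class names are enough for gadget detection.
JAVA_CLASS_NAME = re.compile(rb"^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$")


def is_java_serialized(data: bytes) -> bool:
    """True if the bytes begin with the Java serialization stream header."""
    return data[:4] == STREAM_MAGIC + STREAM_VERSION


def class_names(data: bytes) -> list:
    """Heuristically extract class names from TC_CLASSDESC records in a stream."""
    if not is_java_serialized(data):
        return []
    names = []
    i = 4
    while i + 3 <= len(data):
        if data[i] == TC_CLASSDESC:
            (length,) = struct.unpack(">H", data[i + 1:i + 3])
            candidate = data[i + 3:i + 3 + length]
            if 0 < length == len(candidate) and JAVA_CLASS_NAME.match(candidate):
                names.append(candidate.decode("ascii"))
                i += 3 + length      # skip the name so bytes inside it are not rescanned
                continue
        i += 1
    return names


def blocked_classes(data: bytes) -> set:
    """Return the blocklisted classes present in the stream (empty set = clean)."""
    return {name for name in class_names(data) if name in BLOCKLIST}


def build_classdesc(name: str) -> bytes:
    """Constructed TC_OBJECT/TC_CLASSDESC prefix for a class with no fields.
    Test scaffolding only; this is not an exploit payload."""
    encoded = name.encode("ascii")
    return (
        bytes([TC_OBJECT, TC_CLASSDESC])
        + struct.pack(">H", len(encoded)) + encoded
        + b"\x00" * 8          # serialVersionUID (arbitrary here)
        + b"\x02"              # classDescFlags: SC_SERIALIZABLE
        + b"\x00\x00"          # field count: 0
        + b"\x78"              # TC_ENDBLOCKDATA (end of class annotations)
        + b"\x70"              # TC_NULL: no superclass descriptor
    )


# Constructed sample streams (not captured traffic).
SAMPLE_CLEAN = STREAM_MAGIC + STREAM_VERSION + build_classdesc("java.util.ArrayList")
SAMPLE_HIT = STREAM_MAGIC + STREAM_VERSION + build_classdesc(
    "org.apache.commons.fileupload.disk.DiskFileItem")
SAMPLE_NOT_JAVA = b"filename=report.pdf&token=abc"
```

Flagging on class name is a stop-gap for the unpatched window: it catches the known gadget by name but not every chain, so it complements rather than replaces updating the library.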

Remediation

Install the update from the vendor's website (Oracle Critical Patch Update Advisory - January 2019).