ID CVE-2015-6013
Summary Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted WK4 file. CVSSv2 score based on information provided by https://www.kb.cert.org/vuls/id/916896. Score may vary based on implementation.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:outside_in_technology:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 10-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS16-079
bulletin_url
date 2016-06-14T00:00:00
impact Elevation of Privilege
knowledgebase_id 3160339
knowledgebase_url
severity Important
title Security Update for Microsoft Exchange Server
refmap via4
bid 81227
cert-vn VU#916896
confirm http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
sectrack 1034711
Last major update 10-09-2017 - 01:29
Published 22-01-2016 - 15:59
Last modified 10-09-2017 - 01:29
Back to Top