ID CVE-2016-3504
Summary Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.7.0
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0
  • cpe:2.3:a:oracle:jdeveloper:11.1.2.4.0
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.0.0
CVSS
Base: 7.5 (as of 01-11-2016 - 14:17)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
NASL family Misc.
NASL id ORACLE_JDEVELOPER_CPU_JULY_2016.NASL
description The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple remote code execution vulnerabilities:
  • A remote code execution vulnerability exists in the Application Development Framework (ADF) Faces subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3504)
  • A remote code execution vulnerability exists in the Apache MyFaces Trinidad component in the CoreResponseStateManager subcomponent due to improper validation of the ObjectInputStream and ObjectOutputStream strings prior to deserialization. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5019)
last seen 2019-02-21
modified 2019-02-07
plugin id 93592
published 2016-09-19
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=93592
title Oracle JDeveloper Multiple RCE (July 2016 CPU)
refmap via4
bid
  • 91787
  • 92023
confirm http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
sectrack 1036370
Last major update 28-11-2016 - 15:10
Published 21-07-2016 - 06:12
Last modified 31-08-2017 - 21:29