ID CVE-2016-3595
Summary Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3596.
References
Vulnerable Configurations
  • Oracle Outside In Technology 8.5.0
    cpe:2.3:a:oracle:outside_in_technology:8.5.0
  • Oracle Outside In Technology 8.5.1
    cpe:2.3:a:oracle:outside_in_technology:8.5.1
  • Oracle Outside In Technology 8.5.2
    cpe:2.3:a:oracle:outside_in_technology:8.5.2
CVSS
Base: 9.0 (as of 12-08-2016 - 10:34)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS16-108.NASL
description The remote Microsoft Exchange Server is missing a security update. It is, therefore, affected by multiple vulnerabilities:
  • Multiple remote code execution vulnerabilities exist in the Oracle Outside In libraries. An unauthenticated, remote attacker can exploit these, via a specially crafted email, to execute arbitrary code. (CVE-2015-6014, CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596)
  • An unspecified information disclosure vulnerability exists in the Oracle Outside In libraries that allows an attacker to disclose sensitive information. (CVE-2016-3574)
  • Multiple denial of service vulnerabilities exist in the Oracle Outside In libraries. (CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3590)
  • An information disclosure vulnerability exists due to improper parsing of certain unstructured file formats. An unauthenticated, remote attacker can exploit this, via a crafted email using 'send as' rights, to disclose confidential user information. (CVE-2016-0138)
  • An open redirect vulnerability exists due to improper handling of open redirect requests. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to redirect the user to a malicious website that spoofs a legitimate one. (CVE-2016-3378)
  • An elevation of privilege vulnerability exists due to improper handling of meeting invitation requests. An unauthenticated, remote attacker can exploit this, via a specially crafted Outlook meeting invitation request, to gain elevated privileges. (CVE-2016-3379)
last seen 2019-02-21
modified 2018-11-15
plugin id 93467
published 2016-09-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=93467
title MS16-108: Security Update for Microsoft Exchange Server (3185883)
refmap via4
bid
  • 91787
  • 91940
confirm
sectrack 1036370
talos via4
id TALOS-2016-0162
last seen 2018-08-31
published 2016-07-19
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0162
title Oracle OIT libim_gem2 Gem_Text Code Execution Vulnerability
Last major update 28-11-2016 - 15:11
Published 21-07-2016 - 06:14
Last modified 31-08-2017 - 21:29