ID CVE-2015-6015
Summary Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted Paradox DB file. CVSSv2 score based on information provided by https://www.kb.cert.org/vuls/id/916896. Score may vary based on implementation.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:outside_in_technology:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 10-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 81243
cert-vn VU#916896
confirm http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
sectrack 1034711
Last major update 10-09-2017 - 01:29
Published 22-01-2016 - 15:59
Last modified 10-09-2017 - 01:29
Back to Top