1. CVE-Search
  2. CVE-2016-5537
ID CVE-2016-5537
Summary Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:netbeans:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:netbeans:8.1:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 09-10-2018 - 20:00)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 93686
bugtraq 20161021 Oracle Netbeans IDE v8.1 Import Directory Traversal
confirm http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
exploit-db 40588
misc
sectrack 1037051
Last major update 09-10-2018 - 20:00
Published 25-10-2016 - 14:30
Last modified 09-10-2018 - 20:00
Back to Top