Executive Summary
Summary | |
---|---|
Title | Oracle Outside In contains multiple exploitable vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#118913 | First vendor Publication | 2012-07-17 |
Vendor | VU-CERT | Last vendor Modification | 2012-08-15 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#118913Oracle Outside In contains multiple exploitable vulnerabilitiesOverviewOracle Outside In contains multiple exploitable vulnerabilities in its parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThis vulnerability was reported by Will Dormann of the CERT/CC. This document was written by Will Dormann. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify |
Original Source
Url : http://www.kb.cert.org/vuls/id/118913 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14834 | |||
Oval ID: | oval:org.mitre.oval:def:14834 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3109 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14882 | |||
Oval ID: | oval:org.mitre.oval:def:14882 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - V | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1770 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15275 | |||
Oval ID: | oval:org.mitre.oval:def:15275 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - III | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1768 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15323 | |||
Oval ID: | oval:org.mitre.oval:def:15323 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1772 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15568 | |||
Oval ID: | oval:org.mitre.oval:def:15568 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VIII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1773 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15608 | |||
Oval ID: | oval:org.mitre.oval:def:15608 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - IX | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3106 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15648 | |||
Oval ID: | oval:org.mitre.oval:def:15648 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - X | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3107 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15668 | |||
Oval ID: | oval:org.mitre.oval:def:15668 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VI | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1771 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15721 | |||
Oval ID: | oval:org.mitre.oval:def:15721 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - IV | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1769 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15724 | |||
Oval ID: | oval:org.mitre.oval:def:15724 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - I | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1766 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15747 | |||
Oval ID: | oval:org.mitre.oval:def:15747 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XIII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3110 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15804 | |||
Oval ID: | oval:org.mitre.oval:def:15804 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XI | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3108 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15812 | |||
Oval ID: | oval:org.mitre.oval:def:15812 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - II | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1767 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-10 | Name : Microsoft FAST Search Server 2010 for SharePoint RCE Vulnerabilities (2742321) File : nvt/secpod_ms12-067.nasl |
2012-08-15 | Name : MS Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabil... File : nvt/secpod_ms12-058.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-15 | Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt RuleID : 43560 - Revision : 1 - Type : FILE-OTHER |
2014-01-10 | Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt RuleID : 23806 - Revision : 10 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-10-10 | Name : The remote Windows host is affected by multiple code execution vulnerabilities. File : smb_nt_ms12-067.nasl - Type : ACT_GATHER_INFO |
2012-10-09 | Name : An archiving application installed on the remote host has multiple vulnerabil... File : symantec_enterprise_vault_sym12-015.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Windows host has an application that is affected by a buffer overf... File : groupwise_ia_803_hp1.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : The remote mail server has multiple code execution vulnerabilities. File : smb_nt_ms12-058.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:30 |
|