This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Oracle
Product: Oss Support Tools
Version:
Type: Application
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
First view: 2016-02-14
Last view: 2019-05-28


COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name                                                          Affected CVE
cpe:2.3:a:oracle:oss_support_tools:-:*:*:*:*:*:*:*                3
cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*                3
cpe:2.3:a:oracle:oss_support_tools:8.11.16.3.8:*:*:*:*:*:*:*      1
cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*             1
cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*             1

Related : CVE

CVSS Date Alert Description
7.8 2019-05-28 CVE-2019-5436

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

6.1 2018-01-18 CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

7.5 2018-01-17 CVE-2018-2617

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

8.8 2018-01-17 CVE-2018-2616

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

8.8 2018-01-17 CVE-2018-2615

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

5.9 2016-02-14 CVE-2015-3197

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

CWE : Common Weakness Enumeration

% id Name
25% (1) CWE-787 Out-of-bounds Write
25% (1) CWE-310 Cryptographic Issues
25% (1) CWE-200 Information Exposure
25% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Snort® IPS/IDS

Date Description
2016-04-05 SSLv2 Client Hello attempt
RuleID : 38060 - Type : POLICY-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-02-28 Name: The version of Arista Networks EOS running on the remote device is affected b...
File: arista_eos_sa0018.nasl - Type: ACT_GATHER_INFO
2018-02-07 Name: The remote web server is affected by a cross site scripting vulnerability.
File: jquery_2_2_0.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1040.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1039.nasl - Type: ACT_GATHER_INFO
2017-01-05 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10759.nasl - Type: ACT_GATHER_INFO
2016-07-14 Name: The remote Fedora host is missing a security update.
File: fedora_2016-e1234b65a2.nasl - Type: ACT_GATHER_INFO
2016-07-14 Name: The remote Fedora host is missing a security update.
File: fedora_2016-c558e58b21.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0071.nasl - Type: ACT_GATHER_INFO
2016-05-16 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0049.nasl - Type: ACT_GATHER_INFO
2016-05-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-563.nasl - Type: ACT_GATHER_INFO
2016-05-02 Name: The remote host is missing one or more security updates.
File: mysql_5_7_12_rpm.nasl - Type: ACT_GATHER_INFO
2016-05-02 Name: The remote host is missing one or more security updates.
File: mysql_5_6_30_rpm.nasl - Type: ACT_GATHER_INFO
2016-04-22 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_12.nasl - Type: ACT_GATHER_INFO
2016-04-22 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_30.nasl - Type: ACT_GATHER_INFO
2016-04-22 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: virtualbox_5_0_18.nasl - Type: ACT_GATHER_INFO
2016-04-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2016-682.nasl - Type: ACT_GATHER_INFO
2016-03-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-327.nasl - Type: ACT_GATHER_INFO
2016-03-11 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2016-661.nasl - Type: ACT_GATHER_INFO
2016-03-10 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160309_openssl098e_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-03-10 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2016-0379.nasl - Type: ACT_GATHER_INFO
2016-03-10 Name: The remote AIX host has a version of OpenSSL installed that is affected by mu...
File: aix_openssl_advisory17.nasl - Type: ACT_GATHER_INFO
2016-03-09 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0372.nasl - Type: ACT_GATHER_INFO
2016-03-09 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2016-0372.nasl - Type: ACT_GATHER_INFO
2016-03-09 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2016-0372.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0678-1.nasl - Type: ACT_GATHER_INFO