Lucene search
OracleCVE-2013-1495HistoryMar 18, 2013 - 9:55 p.m.
CVE-2013-1495
2013-03-1821:55:01
CWE-59
oracle
web.nvd.nist.gov
29
cve
2013
1495
oracle
auto service request
symlink attack
vulnerability
nvd
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.1
Confidence
Low
EPSS
0.001
Percentile
26.5%
asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.
Affected configurations
Node
oraclesupport_toolsRange≤4.3.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | support_tools | * | cpe:2.3:a:oracle:support_tools:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-1495
2013-03-18 21:00:00
nvd
nvd
CVE-2013-1495
2013-03-18 21:55:01
prion
prion
Design/Logic Flaw
2013-03-18 21:55:00
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.1
Confidence
Low
EPSS
0.001
Percentile
26.5%
Related for CVE-2013-1495