History: Jan 21, 2015 - 3:28 p.m.

CVE-2014-6577

2015-01-21 15:28:16
oracle
web.nvd.nist.gov
cve-2014-6577
unspecified vulnerability
xml developer's kit
oracle database server
remote authenticated users
confidentiality
xxe vulnerability
xml parser
internal port scanning
ssrf attacks
denial of service
january 2015 cpu
nvd

CVSS2: 6.8

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

AI Score: 5.8
Confidence: Low

EPSS: 0.004
Percentile: 72.7%

Unspecified vulnerability in the XML Developer’s Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the original researcher’s claim that this is an XML external entity (XXE) vulnerability in the XML parser, which allows attackers to conduct internal port scanning, perform SSRF attacks, or cause a denial of service via a crafted (1) http: or (2) ftp: URI.

Affected configurations

Nvd
Node
oracle database_server Match 11.2.0.3
OR
oracle database_server Match 11.2.0.4
OR
oracle database_server Match 12.1.0.1
OR
oracle database_server Match 12.1.0.2

Vendor  Product          Version   CPE
oracle  database_server  11.2.0.3  cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*
oracle  database_server  11.2.0.4  cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
oracle  database_server  12.1.0.1  cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*
oracle  database_server  12.1.0.2  cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
