CVE-2015-6015

2016-01-2215:59:02

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

High

EPSS

0.014

Percentile

86.2%

JSON

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted Paradox DB file.

Affected configurations

Nvd

Node

oracleoutside_in_technologyMatch8.5.0

oracleoutside_in_technologyMatch8.5.1

oracleoutside_in_technologyMatch8.5.2

VendorProductVersionCPE
oracleoutside_in_technology8.5.0cpe:2.3:a:oracle:outside_in_technology:8.5.0:*:*:*:*:*:*:*
oracleoutside_in_technology8.5.1cpe:2.3:a:oracle:outside_in_technology:8.5.1:*:*:*:*:*:*:*
oracleoutside_in_technology8.5.2cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	outside_in_technology	8.5.0	cpe:2.3:a:oracle:outside_in_technology:8.5.0:::::::*
oracle	outside_in_technology	8.5.1	cpe:2.3:a:oracle:outside_in_technology:8.5.1:::::::*
oracle	outside_in_technology	8.5.2	cpe:2.3:a:oracle:outside_in_technology:8.5.2:::::::*