Vulnerability Name:

CVE-2013-5763 (CCN-88557)

Assigned: 2013-10-15
Published: 2013-10-15
Updated: 2018-10-12
Summary: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance.
Note: the original disclosure of this issue erroneously mapped it to CVE-2013-3624.
Per: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

"Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8."
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 1.5 Low (CVSS v2 Vector: AV:L/AC:M/Au:S/C:N/I:N/A:P)
1.1 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2013-5763

Source: CCN
Type: SA56137
IBM Content Analytics with Enterprise Search Two Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
56237

Source: SECUNIA
Type: UNKNOWN
56241

Source: SECUNIA
Type: UNKNOWN
56243

Source: CCN
Type: SA56671
IBM Content Manager Enterprise Edition Two Buffer Overflow Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS13-105
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)

Source: CCN
Type: Microsoft Security Bulletin MS14-075
Vulnerability in Microsoft Exchange Server Could Allow Security Feature Bypass (3009712)

Source: CCN
Type: Microsoft Security Bulletin MS16-079
Security Update for Microsoft Exchange Server (3160339)

Source: CCN
Type: Microsoft Security Bulletin MS16-108
Security Update for Microsoft Exchange Server (3185883)

Source: CCN
Type: Microsoft Security Bulletin MS17-015
Security Update for Microsoft Exchange Server (4013242)

Source: CCN
Type: IBM security Bulletin 1659215
Security Bulletin: Two vulnerabilities in IBM Content Analytics with Enterprise Search (CVE-2013-5791, CVE-2013-5763)

Source: CCN
Type: IBM security Bulletin 1659481
eDiscovery Manager (CVE-2013-5791 and CVE-2013-5763)

Source: CCN
Type: IBM security Bulletin 1660219
IBM FileNet Content Manager and IBM Content Foundation – Oracle Outside In Technology security vulnerabilities (CVE-2013-5791, CVE-2013-5763)

Source: CCN
Type: IBM security Bulletin 1660225
IBM Content Navigator Potential Oracle Outside In Technology Security vulnerabilities (CVE-2013-5791 and CVE-2013-5763)

Source: CCN
Type: IBM security Bulletin 1660640
Fix available for security vulnerabilities in Oracle Outside In Technology Code contained in IBM WebSphere Portal

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21660640

Source: CCN
Type: IBM security Bulletin 1660964
Content Manager Enterprise Edition and use of Oracle Outside In Technology Security Vulnerability (CVE-2013-5791, CVE-2013-5763)

Source: CCN
Type: IBM security Bulletin 1661404
Security Bulletin eDiscovery Analyzer (CVE-2013-5791 and CVE-2013-5763)

Source: CCN
Type: IBM security Bulletin 1661474
IBM Content Collector affected by vulnerabilities in Oracle Outside In Technology (CVE-2013-5791, CVE-2013-5763)

Source: CCN
Type: IBM Security Bulletin 1669459
IBM Connections Security Refresh for security vulnerabilities in Oracle Outside In Technology Code (CVE-2013-5791 CVE-2013-5763 CVE-2013-5879)

Source: CCN
Type: US-CERT VU#959313
Oracle Outside In OS/2 Metafile parser stack buffer overflow

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update - October 2013

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

Source: BID
Type: UNKNOWN
63741

Source: CCN
Type: BID-63741
Oracle Outside In Technology CVE-2013-5763 Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029190

Source: MS
Type: UNKNOWN
MS13-105

Source: XF
Type: UNKNOWN
oracle-cpuoct2013-cve20135763-bo(88557)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:oracle:fusion_middleware:8.4:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:outside_in_technology:8.4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:content_manager:8.4.3::~~enterprise~~~:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2007:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2010:sp2:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2013:cumulative_update_2:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_content_manager:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:3.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:exchange_server:2013:cumulative_update_3:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_navigator:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_navigator:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_content_manager:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:7.0.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.0.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID: oval:org.mitre.oval:def:21058
Class: V
Title: Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5763) - MS13-105
Last Modified: 2014-01-20
    oracle fusion middleware 8.4
    oracle outside in technology 8.4.0
    ibm content manager 8.4.3
    microsoft exchange server 2007 sp3
    microsoft exchange server 2010 sp2
    ibm connections 4.5
    microsoft exchange server 2013 cumulative_update_2
    ibm filenet content manager 5.2.0
    ibm connections 3.0.1.1
    ibm connections 4.0
    microsoft exchange server 2010 sp3
    microsoft exchange server 2013 cumulative_update_3
    ibm content navigator 2.0.1
    ibm content navigator 2.0.2
    ibm filenet content manager 5.1.0
    ibm websphere portal 8.0
    ibm websphere portal 7.0.0.0 -
    ibm websphere portal 6.1.5.0
    ibm websphere portal 6.1.0
    ibm websphere portal 6.0.1.6
    ibm websphere portal 6.0.0