Vulnerability CVE-2015-4877 - CERT Civis.Net

Vulnerability Name:

CVE-2015-4877 (CCN-107301)

Assigned:

2015-10-20

Published:

2015-10-20

Updated:

2018-10-09

Summary:

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

1.5 Low (CVSS v2 Vector: AV:L/AC:M/Au:S/C:N/I:N/A:P)
1.1 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2015-4877

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/134089/Oracle-Outside-In-Buffer-Overflow.html

Source: CCN
Type: Secunia Research Advisory 2015-04
Oracle Outside In Two Buffer Overflow Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1969427
Four vulnerabilities exist in IBM FileNet Content Manager and IBM Content Foundation (CVE-2015-4809, CVE-2015-4811, CVE-2015-4877, CVE-2015-4878)

Source: CCN
Type: IBM Security Bulletin 1975750 (WebSphere Portal)
Vulnerabilities in Oracle Outside In Technology affect IBM WebSphere Portal

Source: CCN
Type: Oracle Critical Patch Update Advisory - October 2015
Oracle Critical Patch Update Advisory - October 2015

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Source: BUGTRAQ
Type: UNKNOWN
20151026 Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
77130

Source: CCN
Type: BID-77130
Oracle Fusion Middleware CVE-2015-4877 Local Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1033898

Source: XF
Type: UNKNOWN
oracle-cpuoct2015-cve20154877-bo(107301)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [11-23-2015]

Source: EXPLOIT-DB
Type: UNKNOWN
38788

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:fusion_middleware:8.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:fusion_middleware:8.5.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:fusion_middleware:8.5.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:outside_in_technology:8.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:outside_in_technology:8.5.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:filenet_content_manager:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:filenet_content_manager:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:filenet_content_manager:5.2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable