Short Name |
HTTP:ORACLE:OUTSIDE-PRDOX-BO2 |
---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Outside In Paradox Database Handling Buffer Overflow 2 |
Release Date |
2016/02/09 |
Update Number |
2642 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability in Oracle Outside In. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.