Short Name | HTTP:ORACLE:OUTSIDEIN-MET-BOF |
---|---|
Severity | Major |
Recommended | No |
Recommended Action | Drop |
Category | HTTP |
Keywords | Oracle Outside In OS 2 Metafile Parser Stack Buffer Overflow |
Release Date | 2013/11/05 |
Update Number | 2317 |
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in Oracle Outside-In. The vulnerability is due to a boundary error while processing OS/2 Metafiles. Oracle Outside-In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable libraries to handle a malformed file. Depending on the application, user interaction may be required. Successful exploitation can result in execution of arbitrary code or a denial-of-service condition in the context of the affected application.
Per: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html "Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS Base Score would increase to 6.8."