Signature Detail
Short Name |
HTTP:ORACLE:OUTSIDE-IN-PRDOX-BO |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Outside In Paradox Database Handling Buffer Overflow |
Release Date |
2013/02/11 |
Update Number |
2232 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle Outside In Paradox Database Handling Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Oracle Outside In. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Extended Description
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.
Affected Products
- microsoft exchange_server 2007 (sp3)
- microsoft exchange_server 2010 (sp2)
- oracle fusion_middleware 8.3.7.0
- oracle fusion_middleware 8.4
References
- BugTraq: 57364
- CVE: CVE-2013-0418