// For flags

CVE-2014-6567

 

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command.

Vulnerabilidad no especificada en el componente Core RDBMS de Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos. NOTA: la información anterior es de la CPU de enero del 2015. Oracle no ha comentado sobre la declaración del investigador original de que esto se trata de un desbordamiento de buffer basado en pila en DBMS_AW.EXECUTE, lo que permite la extensión de código a través de un comando Current Directory Alias (CDA) largo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-09-17 CVE Reserved
  • 2015-01-21 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
11.1.0.7
Search vendor "Oracle" for product "Database Server" and version "11.1.0.7"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
11.2.0.3
Search vendor "Oracle" for product "Database Server" and version "11.2.0.3"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
11.2.0.4
Search vendor "Oracle" for product "Database Server" and version "11.2.0.4"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
12.1.0.1
Search vendor "Oracle" for product "Database Server" and version "12.1.0.1"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
12.1.0.2
Search vendor "Oracle" for product "Database Server" and version "12.1.0.2"
-
Affected