Lucene search

[email protected]CVE-2013-1495

HistoryMar 18, 2013 - 9:55 p.m.

CVE-2013-1495

2013-03-1821:55:01

CWE-59

[email protected]

web.nvd.nist.gov

cve

2013

1495

oracle

auto service request

symlink attack

vulnerability

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.7%

JSON

asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.

Affected configurations

NVD

Node

oraclesupport_toolsRange≤4.3.2

CPENameOperatorVersion
oracle:support_toolsoracle support toolsle4.3.2

CPE	Name	Operator	Version
oracle:support_tools	oracle support tools	le	4.3.2

References

seclists.org/fulldisclosure/2013/Feb/159

www.mandriva.com/security/advisories?name=MDVSA-2013:150

www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.7%

JSON

Related for CVE-2013-1495

nvd1 cvelist1 prion1 securityvulns1 oracle1