VDB
CVE-2014-6567
CVE-2014-6567
PUBLISHED
CVSS 9 CRITICAL
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command.
EPSS 7.05% · 91.7th percentile
Risk Scores
CVSS 2.0
9
EPSS Score
7.05%
91.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| oracle | database_server | 11.2.0.3, 11.2.0.4, 12.1.0.1 |
Exploit Intelligence
- Automated Oracle CVE-2014-6577 exploitation via SQLi (github-poc)
- Automated Oracle CVE-2014-6577 exploitation via SQLi (github-poc)
- Automated Oracle CVE-2014-6577 exploitation via SQLi (github-poc)
- Automated Oracle CVE-2014-6577 exploitation via SQLi (github-poc)
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (circl)
- http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf (circl)
- 1031572 (circl)
- 72134 (circl)
Timeline
- Jan 21, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score