cvelistv5 - cve-2016-5449

CVE-2016-5449 (GCVE-0-2016-5449)

Vulnerability from cvelistv5

Published

2016-07-21 10:00

Modified

2024-10-11 20:38

Severity ?

CWE

Summary

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection.

References

URL

Tags

	http://www.securityfocus.com/bid/91986	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1036408	vdb-entry, x_refsource_SECTRACK
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91787	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:01:00.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "91986",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91986"
          },
          {
            "name": "1036408",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036408"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2016-5449",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T20:09:48.917326Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T20:38:23.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "91986",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91986"
        },
        {
          "name": "1036408",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036408"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "91986",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91986"
            },
            {
              "name": "1036408",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036408"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5449",
    "datePublished": "2016-07-21T10:00:00.000Z",
    "dateReserved": "2016-06-16T00:00:00.000Z",
    "dateUpdated": "2024-10-11T20:38:23.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2016-AVI-244

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Oracle Sun Systems Products Suite. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Sun Blade 6000 Ethernet Switched NEM 24P 10GE version 1.2
Oracle	N/A	Commutateurs de Passerelle Sun Network QDR InfiniBand versions antérieures à 2.2.2
Oracle	N/A	Commutateurs Oracle ES1-24 version 1.3
Oracle	N/A	Commutateurs Ethernet 40G 10G 72/64 version 2.0.0
Oracle	N/A	Serveurs Fujitsu M10-1, M10-4, M10-4S exécutant XCP versions antérieures à XCP2320
Oracle	N/A	Commutateurs Sun Network 10GE 72p version 1.2
Oracle	N/A	Oracle Solaris versions 10 et 11.3
Oracle	N/A	Serveurs SPARC Enterprise M3000, M4000, M5000, M8000, M9000 exécutant XCP versions antérieures à XCP1121
Oracle	N/A	Commutateurs Sun Data Center InfiniBand versions antérieures à 2.2.2
Oracle	N/A	Oracle Integrated Lights Out Manager (ILOM) versions 3.0, 3.1 et 3.2
Oracle	N/A	Oracle Solaris Cluster versions 3.4 et 4.3

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2016-2881720 du 19 juillet 2016	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2016verbose-2881721 du 19 juillet 2016	-	other
Bulletin de sécurité Oracle cpujul2016-2881720 du 19 juillet 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sun Blade 6000 Ethernet Switched NEM 24P 10GE version 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Commutateurs de Passerelle Sun Network QDR InfiniBand versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Commutateurs Oracle ES1-24 version 1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Commutateurs Ethernet 40G 10G 72/64 version 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Serveurs Fujitsu M10-1, M10-4, M10-4S ex\u00e9cutant XCP versions ant\u00e9rieures \u00e0 XCP2320",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Commutateurs Sun Network 10GE 72p version 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris versions 10 et 11.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Serveurs SPARC Enterprise M3000, M4000, M5000, M8000, M9000 ex\u00e9cutant XCP versions ant\u00e9rieures \u00e0 XCP1121",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Commutateurs Sun Data Center InfiniBand versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Integrated Lights Out Manager (ILOM) versions 3.0, 3.1 et 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris Cluster versions 3.4 et 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3410"
    },
    {
      "name": "CVE-2016-3451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3451"
    },
    {
      "name": "CVE-2016-5448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5448"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2016-5457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5457"
    },
    {
      "name": "CVE-2015-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
    },
    {
      "name": "CVE-2015-3183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3183"
    },
    {
      "name": "CVE-2016-3584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3584"
    },
    {
      "name": "CVE-2016-5452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5452"
    },
    {
      "name": "CVE-2016-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
    },
    {
      "name": "CVE-2016-3497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3497"
    },
    {
      "name": "CVE-2016-5446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5446"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2016-5449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5449"
    },
    {
      "name": "CVE-2013-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
    },
    {
      "name": "CVE-2016-3585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3585"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2015-3197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
    },
    {
      "name": "CVE-2016-3453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3453"
    },
    {
      "name": "CVE-2016-5469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5469"
    },
    {
      "name": "CVE-2016-3481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3481"
    },
    {
      "name": "CVE-2016-5447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5447"
    },
    {
      "name": "CVE-2016-5454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5454"
    },
    {
      "name": "CVE-2016-5445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5445"
    },
    {
      "name": "CVE-2016-5471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5471"
    },
    {
      "name": "CVE-2016-5453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5453"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2016-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3480"
    }
  ],
  "initial_release_date": "2016-07-20T00:00:00",
  "last_revision_date": "2016-07-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2016verbose-2881721 du 19    juillet 2016",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016verbose-2881721.html#SUNS"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2016-2881720 du 19    juillet 2016",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    }
  ],
  "reference": "CERTFR-2016-AVI-244",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Sun Systems Products Suite\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems Products Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2016-2881720 du 19 juillet 2016",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-5449 (GCVE-0-2016-5449)

Vulnerability from cvelistv5

CERTFR-2016-AVI-244

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature