CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. Successful attacks of this vulnerability can result in takeover of Oracle Solaris.
While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris.
Supported versions that are affected are 10 and 11. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). An attacker could send an HTTP request to exploit this vulnerability. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. The flaw lies in the way the safe browsing function parses HTTP requests. An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003.
0 kommentar(er)
