Vulnerability Details : CVE-2014-6577
Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 126.96.36.199, 188.8.131.52, 184.108.40.206, and 220.127.116.11 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the original researcher's claim that this is an XML external entity (XXE) vulnerability in the XML parser, which allows attackers to conduct internal port scanning, perform SSRF attacks, or cause a denial of service via a crafted (1) http: or (2) ftp: URI.
Vulnerability category: XML external entity (XXE) injectionServer-side request forgery (SSRF) Denial of service
Threat overview for CVE-2014-6577
Top countries where our scanners detected CVE-2014-6577
Top open port discovered on systems with this issue 1521
IPs affected by CVE-2014-6577 24,162
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2014-6577!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-6577
Probability of exploitation activity in the next 30 days: 0.37%
CVSS scores for CVE-2014-6577
|Base Score||Base Severity||CVSS Vector||Exploitability Score||Impact Score||Source|
References for CVE-2014-6577
Oracle Database Multiple Flaws Let Remote Authenticated Users Access Data, Partially Modify Data, Gain Elevated Privileges, and Deny Service - SecurityTracker
Oracle Critical Patch Update - January 2015Patch;Vendor Advisory
Oracle Database Server CVE-2014-6577 Remote Security Vulnerability
Advisory: XXE Injection in Oracle Database (CVE-2014-6577)Exploit
Products affected by CVE-2014-6577