CVE-2016-5537 : Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware

Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.

Published 2016-10-25 14:30:13

Updated 2025-04-12 10:46:41

Source Oracle

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2016-5537

Oracle » Netbeans » Version: 8.1
cpe:2.3:a:oracle:netbeans:8.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-5537

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 32 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5537

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
5.7	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L	1.5	3.7	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: Low Integrity: Low Availability: Low

References for CVE-2016-5537

http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt

Exploit;Third Party Advisory
http://www.securityfocus.com/bid/93686

Oracle Fusion Middleware CVE-2016-5537 Local Security Vulnerability
Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/40588/

Oracle Netbeans IDE 8.1 - Directory Traversal
Exploit;Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Oracle Critical Patch Update - October 2016
Patch;Vendor Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/139259/Oracle-Netbeans-IDE-8.1-Directory-Traversal.html

Oracle Netbeans IDE 8.1 Directory Traversal ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1037051

Oracle Fusion Middleware Bugs Let Remote and Local Users Access and Modify Data and Deny Service and Let Remote Users Gain Elevated Privileges - SecurityTracker

CVEs referencing this url
http://www.securityfocus.com/archive/1/539615/100/0/threaded

SecurityFocus

Jump to

Vulnerability Details : CVE-2016-5537

Products affected by CVE-2016-5537

Exploit prediction scoring system (EPSS) score for CVE-2016-5537

CVSS scores for CVE-2016-5537

References for CVE-2016-5537