Details of VAR-201604-0434

ID

VAR-201604-0434

CVE

CVE-2016-3081

TITLE

Apache Struts2 Arbitrary code execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-002326

DESCRIPTION

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Apache Struts2 Contains a vulnerability that allows execution of arbitrary code. Note that this vulnerability was used proof-of-concept The code has been released. National Vulnerability Database (NVD) Then CWE-77 It is published as CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) http://cwe.mitre.org/data/definitions/77.htmlA remote attacker could execute arbitrary code on the server where the product is running. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system

Trust: 2.25

sources: NVD: CVE-2016-3081 // JVNDB: JVNDB-2016-002326 // BID: 87327 // BID: 91787 // VULMON: CVE-2016-3081

AFFECTED PRODUCTS

vendor:	apache	model:	struts	scope:	eq	version:	2.3.14	Trust: 1.9
vendor:	apache	model:	struts	scope:	eq	version:	2.2.3.1	Trust: 1.9
vendor:	apache	model:	struts	scope:	eq	version:	2.3.1	Trust: 1.9
vendor:	apache	model:	struts	scope:	eq	version:	2.3.14.1	Trust: 1.9
vendor:	apache	model:	struts	scope:	eq	version:	2.2.3	Trust: 1.9
vendor:	apache	model:	struts	scope:	eq	version:	2.3.1.2	Trust: 1.9
vendor:	apache	model:	struts	scope:	eq	version:	2.3.14.2	Trust: 1.9
vendor:	apache	model:	struts	scope:	eq	version:	2.3.14.3	Trust: 1.9
vendor:	apache	model:	struts	scope:	eq	version:	2.2.1	Trust: 1.6
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.0.1	Trust: 1.4
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.8.1	Trust: 1.4
vendor:	apache	model:	struts	scope:	eq	version:	2.3.16.2	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.12	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.10	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.11.1	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1.8	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.2	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.20.1	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1.4	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.8	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1.1	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.16.3	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.20	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.1.1	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.1	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1.2	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.15	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.4	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.28	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.24	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.8	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.3	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1.5	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.13	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.11	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.15.2	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.4	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.6	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.15.1	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.15.3	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1.3	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.16	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1.8.1	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1.6	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.7	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.7	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.5	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.14	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.16.1	Trust: 1.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0.9	Trust: 1.3
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.0.1	Trust: 1.1
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	2.0.1	Trust: 1.1
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.0.3	Trust: 1.1
vendor:	apache	model:	struts	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apache	model:	struts	scope:	eq	version:	2.3.3	Trust: 1.0
vendor:	apache	model:	struts	scope:	eq	version:	2.3.24.1	Trust: 1.0
vendor:	apache	model:	struts	scope:	eq	version:	2.3.12	Trust: 1.0
vendor:	oracle	model:	siebel e-billing	scope:	eq	version:	7.1	Trust: 1.0
vendor:	apache	model:	struts	scope:	eq	version:	2.0.11.2	Trust: 1.0
vendor:	apache	model:	struts	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	apache	model:	struts	scope:	eq	version:	2.2.1.1	Trust: 1.0
vendor:	apache	model:	struts	scope:	eq	version:	2.3.4.1	Trust: 1.0
vendor:	oracle	model:	jre update	scope:	eq	version:	1.8.092	Trust: 0.9
vendor:	oracle	model:	jre update	scope:	eq	version:	1.8.091	Trust: 0.9
vendor:	oracle	model:	jre update	scope:	eq	version:	1.7.0101	Trust: 0.9
vendor:	oracle	model:	jre update	scope:	eq	version:	1.6.0115	Trust: 0.9
vendor:	oracle	model:	jdk update	scope:	eq	version:	1.8.092	Trust: 0.9
vendor:	oracle	model:	jdk update	scope:	eq	version:	1.8.091	Trust: 0.9
vendor:	oracle	model:	jdk update	scope:	eq	version:	1.7.0101	Trust: 0.9
vendor:	oracle	model:	jdk update	scope:	eq	version:	1.6.0115	Trust: 0.9
vendor:	apache	model:	struts	scope:	lte	version:	2.3.20 from 2.3.28 (struts 2.3.20.3 and struts 2.3.24.3 except for )	Trust: 0.8
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.5.0	Trust: 0.8
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.6.0	Trust: 0.8
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.7.0	Trust: 0.8
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.8.0	Trust: 0.8
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.1.0	Trust: 0.8
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	2.0.0	Trust: 0.8
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	2.2.0	Trust: 0.8
vendor:	oracle	model:	siebel	scope:	eq	version:	of siebel apps - e-billing 7.1	Trust: 0.8
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.7	Trust: 0.6
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.5	Trust: 0.6
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.8	Trust: 0.6
vendor:	oracle	model:	micros retail xbri loss prevention	scope:	eq	version:	10.6	Trust: 0.6
vendor:	ibm	model:	infosphere metadata workbench	scope:	eq	version:	8.5	Trust: 0.3
vendor:	huawei	model:	oceanstor n8500 v200r001c09spc506	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	oceanstor onebox v100r003c10	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	infosphere information server	scope:	eq	version:	11.5	Trust: 0.3
vendor:	ibm	model:	infosphere information server	scope:	eq	version:	8.5	Trust: 0.3
vendor:	apache	model:	struts	scope:	ne	version:	2.3.20.2	Trust: 0.3
vendor:	apache	model:	struts	scope:	eq	version:	2.0	Trust: 0.3
vendor:	huawei	model:	agile controller-campus v100r002c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10spc100	scope:	ne	version:	18800v3	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10	scope:	ne	version:	5600	Trust: 0.3
vendor:	huawei	model:	oceanstor v100r001c01	scope:	eq	version:	9000	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10spc100	scope:	ne	version:	18500v3	Trust: 0.3
vendor:	ibm	model:	infosphere information governance catalog	scope:	eq	version:	11.3	Trust: 0.3
vendor:	huawei	model:	oceanstor n8500 v200r001c91spc900	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	2.2	Trust: 0.3
vendor:	huawei	model:	anyoffice v200r006c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10	scope:	ne	version:	5300	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c00	scope:	eq	version:	5300v3	Trust: 0.3
vendor:	huawei	model:	oceanstor onebox v100r005c00	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10	scope:	ne	version:	5500	Trust: 0.3
vendor:	oracle	model:	siebel apps e-billing	scope:	eq	version:	-7.1	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10	scope:	ne	version:	5800	Trust: 0.3
vendor:	huawei	model:	oceanstor	scope:	eq	version:	5800v30	Trust: 0.3
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.1	Trust: 0.3
vendor:	huawei	model:	agile controller-campus v100r002c00spc107	scope:	ne	version:	-	Trust: 0.3
vendor:	apache	model:	struts	scope:	eq	version:	2.3.41	Trust: 0.3
vendor:	huawei	model:	logcenter v100r001c20spc102	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10	scope:	ne	version:	5800v3	Trust: 0.3
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	2.0	Trust: 0.3
vendor:	huawei	model:	anyoffice emm v200r006c00spc101	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r001c20	scope:	eq	version:	5300v3	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10	scope:	eq	version:	18500v3	Trust: 0.3
vendor:	huawei	model:	oceanstor n8500 v200r001c09	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	infosphere information governance catalog	scope:	eq	version:	11.5	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r005c00	scope:	eq	version:	9000	Trust: 0.3
vendor:	ibm	model:	infosphere metadata workbench	scope:	eq	version:	9.1	Trust: 0.3
vendor:	ibm	model:	infosphere information server	scope:	eq	version:	9.1	Trust: 0.3
vendor:	huawei	model:	firehunter6000 v100r001c20	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	infosphere metadata workbench	scope:	eq	version:	8.7	Trust: 0.3
vendor:	huawei	model:	oceanstor n8500 v200r001c91spc205	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	agile controller-campus v100r002c00spc106t	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	oceanstor n8500 v200r001c91spc902	scope:	ne	version:	-	Trust: 0.3
vendor:	ibm	model:	infosphere information server	scope:	eq	version:	8.7	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10	scope:	ne	version:	6800v3	Trust: 0.3
vendor:	apache	model:	struts	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apache	model:	struts	scope:	eq	version:	2.1	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r003c10	scope:	eq	version:	18800	Trust: 0.3
vendor:	huawei	model:	oceanstor n8500 v200r001c91spc901	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	logcenter v100r001c20	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	struts	scope:	ne	version:	2.3.24.2	Trust: 0.3
vendor:	apache	model:	struts	scope:	eq	version:	2.2.11	Trust: 0.3
vendor:	huawei	model:	oceanstor v100r001c30	scope:	eq	version:	9000	Trust: 0.3
vendor:	ibm	model:	infosphere information server	scope:	eq	version:	11.3	Trust: 0.3
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.0.2	Trust: 0.3
vendor:	huawei	model:	oceanstor v300r002c10	scope:	eq	version:	5300v3	Trust: 0.3
vendor:	huawei	model:	oceanstor n8500 v200r001c91	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	anyoffice v200r005c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	oceanstor n8500 v200r001c09spc505	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	firehunter6000 v100r001c20spc106t	scope:	ne	version:	-	Trust: 0.3
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1	Trust: 0.3
vendor:	oracle	model:	weblogic server	scope:	eq	version:	10.3.60	Trust: 0.3
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.1.3.0	Trust: 0.3
vendor:	oracle	model:	webcenter sites	scope:	eq	version:	11.1.18.0	Trust: 0.3
vendor:	oracle	model:	webcenter sites	scope:	eq	version:	12.2.1.0	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.16	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.14	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.10	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.9	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.8	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.18	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0	Trust: 0.3
vendor:	oracle	model:	utilities work and asset management	scope:	eq	version:	1.9.1.2.8	Trust: 0.3
vendor:	oracle	model:	utilities network management system	scope:	eq	version:	1.12.0.3.5	Trust: 0.3
vendor:	oracle	model:	utilities network management system	scope:	eq	version:	1.12.0.2.12	Trust: 0.3
vendor:	oracle	model:	utilities network management system	scope:	eq	version:	1.12.0.1.16	Trust: 0.3
vendor:	oracle	model:	utilities network management system	scope:	eq	version:	1.11.0.5.4	Trust: 0.3
vendor:	oracle	model:	utilities network management system	scope:	eq	version:	1.11.0.4.41	Trust: 0.3
vendor:	oracle	model:	utilities network management system	scope:	eq	version:	1.10.0.6.27	Trust: 0.3
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.3.0.2.0	Trust: 0.3
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.3.0.1.0	Trust: 0.3
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.2.0.3.0	Trust: 0.3
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.2.0.2.0	Trust: 0.3
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.2.0.1.0	Trust: 0.3
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.1.0.2.0	Trust: 0.3
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.1.0.1.0	Trust: 0.3
vendor:	oracle	model:	utilities framework	scope:	eq	version:	2.2.0.0.0	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.4.1	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.4	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3.5	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3.4	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3.3	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3.2	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3.7	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3.6	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3	Trust: 0.3
vendor:	oracle	model:	switch es1-24	scope:	eq	version:	1.3	Trust: 0.3
vendor:	oracle	model:	sun network qdr infiniband gateway switch	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	sun network 10ge switch 72p	scope:	eq	version:	1.2	Trust: 0.3
vendor:	oracle	model:	sun data center infiniband switch	scope:	eq	version:	362.2.2	Trust: 0.3
vendor:	oracle	model:	sun blade ethernet switched nem 24p 10ge	scope:	eq	version:	60001.2	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m9000 xcp	scope:	eq	version:	1118	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m9000 xcp	scope:	eq	version:	1117	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m8000 xcp	scope:	eq	version:	1118	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m8000 xcp	scope:	eq	version:	1117	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m5000 xcp	scope:	eq	version:	1118	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m5000 xcp	scope:	eq	version:	1117	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m4000 xcp	scope:	eq	version:	1118	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m4000 xcp	scope:	eq	version:	1117	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m3000 xcp	scope:	eq	version:	1118	Trust: 0.3
vendor:	oracle	model:	sparc enterprise m3000 xcp	scope:	eq	version:	1117	Trust: 0.3
vendor:	oracle	model:	solaris cluster	scope:	eq	version:	4.3	Trust: 0.3
vendor:	oracle	model:	solaris cluster	scope:	eq	version:	3.3	Trust: 0.3
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 0.3
vendor:	oracle	model:	solaris	scope:	eq	version:	10	Trust: 0.3
vendor:	oracle	model:	siebel applications	scope:	eq	version:	8.2.2	Trust: 0.3
vendor:	oracle	model:	siebel applications ip2016	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	siebel applications ip2015	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	siebel applications ip2014	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	siebel applications	scope:	eq	version:	8.5	Trust: 0.3
vendor:	oracle	model:	siebel applications	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.2	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	4.71	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	4.63	Trust: 0.3
vendor:	oracle	model:	retail store inventory management	scope:	eq	version:	14.1	Trust: 0.3
vendor:	oracle	model:	retail store inventory management	scope:	eq	version:	14.0	Trust: 0.3
vendor:	oracle	model:	retail store inventory management	scope:	eq	version:	13.2	Trust: 0.3
vendor:	oracle	model:	retail store inventory management	scope:	eq	version:	13.1	Trust: 0.3
vendor:	oracle	model:	retail store inventory management	scope:	eq	version:	13.0	Trust: 0.3
vendor:	oracle	model:	retail store inventory management	scope:	eq	version:	12.0	Trust: 0.3
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0	Trust: 0.3
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.1	Trust: 0.3
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.0	Trust: 0.3
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	13.2	Trust: 0.3
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	13.1	Trust: 0.3
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	13.0	Trust: 0.3
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.1	Trust: 0.3
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.0	Trust: 0.3
vendor:	oracle	model:	retail returns management	scope:	eq	version:	13.4	Trust: 0.3
vendor:	oracle	model:	retail returns management	scope:	eq	version:	13.3	Trust: 0.3
vendor:	oracle	model:	retail returns management	scope:	eq	version:	13.2	Trust: 0.3
vendor:	oracle	model:	retail returns management	scope:	eq	version:	13.1	Trust: 0.3
vendor:	oracle	model:	retail returns management	scope:	eq	version:	13.0	Trust: 0.3
vendor:	oracle	model:	retail returns management	scope:	eq	version:	12.0	Trust: 0.3
vendor:	oracle	model:	retail order broker	scope:	eq	version:	5.2	Trust: 0.3
vendor:	oracle	model:	retail order broker	scope:	eq	version:	5.1	Trust: 0.3
vendor:	oracle	model:	retail order broker	scope:	eq	version:	4.1	Trust: 0.3
vendor:	oracle	model:	retail order broker	scope:	eq	version:	15.0	Trust: 0.3
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	15.0	Trust: 0.3
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	14.1	Trust: 0.3
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	14.0	Trust: 0.3
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	13.2	Trust: 0.3
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	13.1	Trust: 0.3
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	13.0	Trust: 0.3
vendor:	oracle	model:	retail central office	scope:	eq	version:	14.1	Trust: 0.3
vendor:	oracle	model:	retail central office	scope:	eq	version:	14.0	Trust: 0.3
vendor:	oracle	model:	retail central office	scope:	eq	version:	13.4	Trust: 0.3
vendor:	oracle	model:	retail central office	scope:	eq	version:	13.3	Trust: 0.3
vendor:	oracle	model:	retail central office	scope:	eq	version:	13.2	Trust: 0.3
vendor:	oracle	model:	retail central office	scope:	eq	version:	13.1	Trust: 0.3
vendor:	oracle	model:	retail central office	scope:	eq	version:	13.0	Trust: 0.3
vendor:	oracle	model:	retail central office	scope:	eq	version:	12.0	Trust: 0.3
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.1	Trust: 0.3
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.0	Trust: 0.3
vendor:	oracle	model:	retail back office	scope:	eq	version:	13.4	Trust: 0.3
vendor:	oracle	model:	retail back office	scope:	eq	version:	13.3	Trust: 0.3
vendor:	oracle	model:	retail back office	scope:	eq	version:	13.2	Trust: 0.3
vendor:	oracle	model:	retail back office	scope:	eq	version:	13.1	Trust: 0.3
vendor:	oracle	model:	retail back office	scope:	eq	version:	13.0	Trust: 0.3
vendor:	oracle	model:	retail back office	scope:	eq	version:	12.0	Trust: 0.3
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	8.4	Trust: 0.3
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	8.3	Trust: 0.3
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	16.1	Trust: 0.3
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	15.2	Trust: 0.3
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	15.1	Trust: 0.3
vendor:	oracle	model:	primavera contract management	scope:	eq	version:	14.2	Trust: 0.3
vendor:	oracle	model:	portal	scope:	eq	version:	11.1.16.0	Trust: 0.3
vendor:	oracle	model:	policy automation for mobile devices	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.6	Trust: 0.3
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.5	Trust: 0.3
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.4	Trust: 0.3
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.3	Trust: 0.3
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.2	Trust: 0.3
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.1	Trust: 0.3
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4	Trust: 0.3
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.3	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	12.1	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.4.6	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.4.5	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.4.4	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.4.3	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.4.2	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.4.1	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.4	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	oracle	model:	policy automation	scope:	eq	version:	10.3	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.55	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.54	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.53	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise fscm	scope:	eq	version:	9.2	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise fscm	scope:	eq	version:	9.1	Trust: 0.3
vendor:	oracle	model:	outside in technology	scope:	eq	version:	8.5.2	Trust: 0.3
vendor:	oracle	model:	outside in technology	scope:	eq	version:	8.5.1	Trust: 0.3
vendor:	oracle	model:	outside in technology	scope:	eq	version:	8.5.0	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.7	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.29	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.28	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.27	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.26	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.23	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.22	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.21	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.48	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.47	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.46	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.45	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.42	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.41	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.40	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.25	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.24	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.20	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.16	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6.15	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.6	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.44	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.43	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.36	Trust: 0.3
vendor:	oracle	model:	mysql server	scope:	eq	version:	5.5.35	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.12	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.30	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.5.49	Trust: 0.3
vendor:	oracle	model:	jrockit r28.3.10	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.1.30	Trust: 0.3
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	11.1.24.0	Trust: 0.3
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	11.1.17.0	Trust: 0.3
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.2.1.0.0	Trust: 0.3
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	11.1.1.9.0	Trust: 0.3
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	eq	version:	9.2.0.5	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.2	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.1	Trust: 0.3
vendor:	oracle	model:	integrated lights out manager	scope:	eq	version:	3.0	Trust: 0.3
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	9.7.1	Trust: 0.3
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	9.6.1	Trust: 0.3
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.2.0	Trust: 0.3
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	9.7.1	Trust: 0.3
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	9.6.1	Trust: 0.3
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	10.2.0	Trust: 0.3
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	oracle	model:	insurance calculation engine	scope:	eq	version:	9.7.1	Trust: 0.3
vendor:	oracle	model:	insurance calculation engine	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	oracle	model:	insurance calculation engine	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	oracle	model:	in-memory policy analytics	scope:	eq	version:	12.0.1	Trust: 0.3
vendor:	oracle	model:	hyperion financial reporting	scope:	eq	version:	11.1.2.4	Trust: 0.3
vendor:	oracle	model:	http server 12c	scope:	eq	version:	12.1.3.0	Trust: 0.3
vendor:	oracle	model:	http server 11g	scope:	eq	version:	11.1.1.9	Trust: 0.3
vendor:	oracle	model:	healthcare master person index	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	oracle	model:	healthcare master person index	scope:	eq	version:	3.0.0	Trust: 0.3
vendor:	oracle	model:	healthcare master person index	scope:	eq	version:	2.0.12	Trust: 0.3
vendor:	oracle	model:	healthcare analytics data integration	scope:	eq	version:	3.1.0.0.0	Trust: 0.3
vendor:	oracle	model:	health sciences information manager	scope:	eq	version:	3.0.1.0	Trust: 0.3
vendor:	oracle	model:	health sciences information manager	scope:	eq	version:	2.0.2.3	Trust: 0.3
vendor:	oracle	model:	health sciences information manager	scope:	eq	version:	1.2.8.3	Trust: 0.3
vendor:	oracle	model:	health sciences clinical development center	scope:	eq	version:	3.1.2.0	Trust: 0.3
vendor:	oracle	model:	health sciences clinical development center	scope:	eq	version:	3.1.1.0	Trust: 0.3
vendor:	oracle	model:	glassfish server	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	oracle	model:	glassfish server	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	oracle	model:	glassfish server	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	11.1.23.0	Trust: 0.3
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	11.1.22.0	Trust: 0.3
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	11.1.18.0	Trust: 0.3
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	11.1.17.0	Trust: 0.3
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	12.2.1.0	Trust: 0.3
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	12.1.3.0.0	Trust: 0.3
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	11.1.1.9	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.10	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.9	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.8	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.7	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.6	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.5	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.4	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.3	Trust: 0.3
vendor:	oracle	model:	fusion applications	scope:	eq	version:	11.1.2	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-4s server xcp	scope:	eq	version:	2290	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-4s server xcp	scope:	eq	version:	2271	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-4s server xcp	scope:	eq	version:	2230	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-4 server xcp	scope:	eq	version:	2290	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-4 server xcp	scope:	eq	version:	2271	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-4 server xcp	scope:	eq	version:	2230	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-1 server xcp	scope:	eq	version:	2290	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-1 server xcp	scope:	eq	version:	2271	Trust: 0.3
vendor:	oracle	model:	fujitsu m10-1 server xcp	scope:	eq	version:	2230	Trust: 0.3
vendor:	oracle	model:	flexcube direct banking	scope:	eq	version:	12.0.1	Trust: 0.3
vendor:	oracle	model:	flexcube direct banking	scope:	eq	version:	12.0.3	Trust: 0.3
vendor:	oracle	model:	flexcube direct banking	scope:	eq	version:	12.0.2	Trust: 0.3
vendor:	oracle	model:	financial services lending and leasing	scope:	eq	version:	14.2	Trust: 0.3
vendor:	oracle	model:	financial services lending and leasing	scope:	eq	version:	14.1	Trust: 0.3
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	2.0	Trust: 0.3
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	1.0	Trust: 0.3
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.3.2	Trust: 0.3
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.2.2	Trust: 0.3
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	oracle	model:	enterprise manager for fusion middleware	scope:	eq	version:	11.1.1.9	Trust: 0.3
vendor:	oracle	model:	enterprise manager for fusion middleware	scope:	eq	version:	11.1.1.7	Trust: 0.3
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.1.0.0	Trust: 0.3
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	12.1.0.5	Trust: 0.3
vendor:	oracle	model:	enterprise communications broker	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	engineering data management	scope:	eq	version:	6.2.0.0	Trust: 0.3
vendor:	oracle	model:	engineering data management	scope:	eq	version:	6.1.3.0	Trust: 0.3
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.2.3	Trust: 0.3
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.2.5	Trust: 0.3
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.2.4	Trust: 0.3
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	oracle	model:	documaker	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	directory server enterprise edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	oracle	model:	directory server enterprise edition	scope:	eq	version:	11.1.1.7	Trust: 0.3
vendor:	oracle	model:	demand planning	scope:	eq	version:	12.2	Trust: 0.3
vendor:	oracle	model:	demand planning	scope:	eq	version:	12.1	Trust: 0.3
vendor:	oracle	model:	database 12c release	scope:	eq	version:	112.12	Trust: 0.3
vendor:	oracle	model:	database 12c release	scope:	eq	version:	112.11	Trust: 0.3
vendor:	oracle	model:	database 11g release	scope:	eq	version:	211.2.0.4	Trust: 0.3
vendor:	oracle	model:	communications unified session manager	scope:	eq	version:	7.3.5	Trust: 0.3
vendor:	oracle	model:	communications unified session manager	scope:	eq	version:	7.2.5	Trust: 0.3
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	7.3.0	Trust: 0.3
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	7.2.0	Trust: 0.3
vendor:	oracle	model:	communications policy management	scope:	eq	version:	9.9	Trust: 0.3
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	5.0.2.0.0	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	5.0.1.0.0	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	5.0.0.2.0	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	5.0.0.1.0	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	4.4.1.5.0	Trust: 0.3
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	7.0.530.0	Trust: 0.3
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	7.0.529.0	Trust: 0.3
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	8.0	Trust: 0.3
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	7.0.5.33.0	Trust: 0.3
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	7.0	Trust: 0.3
vendor:	oracle	model:	communications messaging server	scope:	eq	version:	6.3	Trust: 0.3
vendor:	oracle	model:	communications eagle application processor	scope:	eq	version:	16.0	Trust: 0.3
vendor:	oracle	model:	communications core session manager	scope:	eq	version:	7.3.5	Trust: 0.3
vendor:	oracle	model:	communications core session manager	scope:	eq	version:	7.2.5	Trust: 0.3
vendor:	oracle	model:	communications asap	scope:	eq	version:	7.3	Trust: 0.3
vendor:	oracle	model:	communications asap	scope:	eq	version:	7.2	Trust: 0.3
vendor:	oracle	model:	communications asap	scope:	eq	version:	7.0	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	11.2.1.0.0	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	11.1.1.9.0	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	11.1.1.7.0	Trust: 0.3
vendor:	oracle	model:	bi publisher	scope:	eq	version:	12.2.1.0.0	Trust: 0.3
vendor:	oracle	model:	bi publisher	scope:	eq	version:	11.1.1.9.0	Trust: 0.3
vendor:	oracle	model:	bi publisher	scope:	eq	version:	11.1.1.7.0	Trust: 0.3
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.5.0	Trust: 0.3
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.4.1	Trust: 0.3
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	oracle	model:	banking platform	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	3.2.1.00.10	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	5.0	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	4.2.3.00.08	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	4.2	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	4.1	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	4.0	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	3.2.0.00.27	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	3.2	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	2.2	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	2.1	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	2.0	Trust: 0.3
vendor:	oracle	model:	application express	scope:	eq	version:	1.5	Trust: 0.3
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	oracle	model:	agile engineering data management	scope:	eq	version:	6.2.0.0	Trust: 0.3
vendor:	oracle	model:	agile engineering data management	scope:	eq	version:	6.1.3.0	Trust: 0.3
vendor:	oracle	model:	access manager	scope:	eq	version:	10.1.43	Trust: 0.3
vendor:	oracle	model:	access manager	scope:	eq	version:	10.1.4.2	Trust: 0.3
vendor:	oracle	model:	access manager	scope:	eq	version:	10.1.4	Trust: 0.3
vendor:	oracle	model:	access manager	scope:	eq	version:	11.1.2.0.0	Trust: 0.3
vendor:	oracle	model:	access manager	scope:	eq	version:	11.1.1.7.0	Trust: 0.3
vendor:	ibm	model:	websphere application server	scope:	eq	version:	9.0	Trust: 0.3
vendor:	ibm	model:	websphere application server liberty pr	scope:	eq	version:	8.5.5.0-	Trust: 0.3
vendor:	ibm	model:	websphere application server full profile	scope:	eq	version:	8.5.5	Trust: 0.3
vendor:	ibm	model:	websphere application server liberty profile	scope:	eq	version:	8.5	Trust: 0.3
vendor:	ibm	model:	websphere application server full profile	scope:	eq	version:	8.5	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	9.8	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	9.7	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	11.1	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	10.5	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	10.1	Trust: 0.3
vendor:	citrix	model:	netscaler t1	scope:	eq	version:	0	Trust: 0.3
vendor:	citrix	model:	netscaler service delivery appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	0	Trust: 0.3
vendor:	citrix	model:	command center appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	citrix	model:	cloudbridge	scope:	eq	version:	0	Trust: 0.3

sources: BID: 87327 // BID: 91787 // JVNDB: JVNDB-2016-002326 // CNNVD: CNNVD-201604-585 // NVD: CVE-2016-3081

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3081
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-3081
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201604-585
value:	HIGH
Trust: 0.6
VULMON:	CVE-2016-3081
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-3081
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2016-3081
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULMON: CVE-2016-3081 // JVNDB: JVNDB-2016-002326 // CNNVD: CNNVD-201604-585 // NVD: CVE-2016-3081

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2016-002326 // NVD: CVE-2016-3081

THREAT TYPE

network

Trust: 0.6

sources: BID: 87327 // BID: 91787

TYPE

Unknown

Trust: 0.6

sources: BID: 87327 // BID: 91787

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002326

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2016-3081

PATCH

title:	S2-032: Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.	url:	http://struts.apache.org/docs/s2-032.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 0.8
title:	July 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/july_2016_critical_patch_update	Trust: 0.8
title:	October 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/october_2016_critical_patch_update	Trust: 0.8
title:	Apache Struts 2 Fixes for arbitrary code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61268	Trust: 0.6
title:	Red Hat: CVE-2016-3081	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-3081	Trust: 0.1
title:	Forcepoint Security Advisories: CVE-2016-3081 Apache Struts 2 security vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=11425734a2681a4f1da0e4a7a8f3837d	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c	Trust: 0.1
title:	PyEXP	url:	https://github.com/jooeji/PyEXP	Trust: 0.1
title:	S02-32-POC	url:	https://github.com/killerhack/S02-32-POC	Trust: 0.1

sources: VULMON: CVE-2016-3081 // JVNDB: JVNDB-2016-002326 // CNNVD: CNNVD-201604-585

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3081	Trust: 2.8
db:	BID	id:	87327	Trust: 1.9
db:	BID	id:	91787	Trust: 1.9
db:	PACKETSTORM	id:	136856	Trust: 1.6
db:	SECTRACK	id:	1035665	Trust: 1.6
db:	EXPLOIT-DB	id:	39756	Trust: 1.6
db:	JVN	id:	JVNVU91375252	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002326	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-585	Trust: 0.6
db:	VULMON	id:	CVE-2016-3081	Trust: 0.1

sources: VULMON: CVE-2016-3081 // BID: 87327 // BID: 91787 // JVNDB: JVNDB-2016-002326 // CNNVD: CNNVD-201604-585 // NVD: CVE-2016-3081

REFERENCES

url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 2.2
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en	Trust: 1.9
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.9
url:	https://struts.apache.org/docs/s2-032.html	Trust: 1.9
url:	http://www.securityfocus.com/bid/87327	Trust: 1.6
url:	https://www.exploit-db.com/exploits/39756/	Trust: 1.6
url:	http://www.securitytracker.com/id/1035665	Trust: 1.6
url:	http://packetstormsecurity.com/files/136856/apache-struts-2.3.28-dynamic-method-invocation-remote-code-execution.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/91787	Trust: 1.6
url:	http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec	Trust: 1.0
url:	http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3081	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20160427-struts.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2016/at160020.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu91375252	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3081	Trust: 0.8
url:	http://seclab.dbappsecurity.com.cn/?p=924	Trust: 0.8
url:	http/struts_dmi_exec	Trust: 0.6
url:	http://www.rapid7.com/db/modules/exploit/multi/	Trust: 0.6
url:	http://www.rapid7.com/db/modules/exploit/linux/	Trust: 0.6
url:	http://struts.apache.org/	Trust: 0.3
url:	http://www.huawei.com/en/psirt/security-notices/huawei-sn-20160427-01-struts2-en	Trust: 0.3
url:	http://www.oracle.com	Trust: 0.3
url:	http://support.citrix.com/article/ctx216642	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21984819	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21988710	Trust: 0.3

sources: BID: 87327 // BID: 91787 // JVNDB: JVNDB-2016-002326 // CNNVD: CNNVD-201604-585 // NVD: CVE-2016-3081

CREDITS

Nike Zheng nike.zheng@dbappsecurity.com.cn

Trust: 0.6

sources: CNNVD: CNNVD-201604-585

SOURCES

db:	VULMON	id:	CVE-2016-3081
db:	BID	id:	87327
db:	BID	id:	91787
db:	JVNDB	id:	JVNDB-2016-002326
db:	CNNVD	id:	CNNVD-201604-585
db:	NVD	id:	CVE-2016-3081

LAST UPDATE DATE

2024-08-14T12:04:50.744000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2016-3081	date:	2019-08-12T00:00:00
db:	BID	id:	87327	date:	2016-10-26T01:16:00
db:	BID	id:	91787	date:	2018-10-15T09:00:00
db:	JVNDB	id:	JVNDB-2016-002326	date:	2016-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201604-585	date:	2019-08-15T00:00:00
db:	NVD	id:	CVE-2016-3081	date:	2019-08-12T21:15:13.157

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2016-3081	date:	2016-04-26T00:00:00
db:	BID	id:	87327	date:	2016-04-22T00:00:00
db:	BID	id:	91787	date:	2016-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-002326	date:	2016-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201604-585	date:	2016-04-26T00:00:00
db:	NVD	id:	CVE-2016-3081	date:	2016-04-26T14:59:02.207