Lumension® Endpoint Intelligence Center



Vulnerability Score 6.8
CVE Id CVE-2014-6577
Last Modified 14 Apr 2015 10:01:25
Published 21 Jan 2015 10:28:16
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server,,, and allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the original researcher's claim that this is an XML external entity (XXE) vulnerability in the XML parser, which allows attackers to conduct internal port scanning, perform SSRF attacks, or cause a denial of service via a crafted (1) http: or (2) ftp: URI.

Vulnerable Systems


  • Oracle Database Server

  • Oracle Database Server

  • Oracle Database Server

  • Oracle Database Server




SECTRACK - 1031572

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE


Last Updated: 27 May 2016 11:08:24