CVE-2019-2473

Name of the Vulnerable Software and Affected Versions Oracle Outside In Technology versions 8.5.3 through 8.5.4

Description The issue is related to a lack of access control in the Oracle Outside In Technology component, specifically in the Outside In Filters subcomponent. This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, potentially causing a hang or complete denial of service (DOS) due to repeated crashes. The severity of the impact can vary depending on how the Outside In Technology code is used by other software, particularly if data received over a network is directly passed to the Outside In Technology code.

Recommendations For versions 8.5.3 and 8.5.4, consider restricting network access to the Oracle Outside In Technology component until a fix is available, to minimize the risk of exploitation. Additionally, review the configuration of any software that utilizes the Outside In Technology code to ensure that it does not directly pass network-received data to the vulnerable component, which could mitigate the severity of the impact. At the moment, there is no information about a newer version that contains a fix for this vulnerability.