Search for vulnerabilities
Vulnerability details: VCID-q2vs-jf13-aaam
Vulnerability ID VCID-q2vs-jf13-aaam
Aliases CVE-2016-5385
GHSA-m6ch-gg5f-wxx3
Summary HTTP Proxy header vulnerability
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-284 Improper Access Control
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5385.html
generic_textual Medium http://php.net/ChangeLog-7.php#7.0.9
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1609
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1610
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1611
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1612
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1613
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json
epss 0.73661 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.74573 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.74595 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.74595 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.74595 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.74595 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79868 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79868 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.79886 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81709 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81709 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81709 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81709 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81709 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81709 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81725 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81725 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81725 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81725 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.81725 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.92761 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.94015 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.94015 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.94015 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
epss 0.94015 https://api.first.org/data/v1/epss?cve=CVE-2016-5385
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1353794
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297
cvssv2 5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-m6ch-gg5f-wxx3
cvssv3.1 8.1 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
generic_textual HIGH https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
cvssv3.1 8.1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
cvssv3.1 8.1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
generic_textual Low https://httpoxy.org/
cvssv2 5.1 https://nvd.nist.gov/vuln/detail/CVE-2016-5385
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2016-5385
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2016-5385
generic_textual Medium https://ubuntu.com/security/notices/USN-3045-1
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5385.html
http://php.net/ChangeLog-7.php#7.0.9
http://rhn.redhat.com/errata/RHSA-2016-1609.html
http://rhn.redhat.com/errata/RHSA-2016-1610.html
http://rhn.redhat.com/errata/RHSA-2016-1611.html
http://rhn.redhat.com/errata/RHSA-2016-1612.html
http://rhn.redhat.com/errata/RHSA-2016-1613.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json
https://api.first.org/data/v1/epss?cve=CVE-2016-5385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6297
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97
https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9
https://github.com/bugsnag/bugsnag-laravel/pull/143
https://github.com/bugsnag/bugsnag-laravel/pull/145
https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2
https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18
https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18
https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08
https://github.com/guzzle/guzzle/releases/tag/6.2.1
https://github.com/humbug/file_get_contents/pull/23
https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5
https://github.com/humbug/file_get_contents/releases/tag/1.1.2
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://httpoxy.org/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
https://security.gentoo.org/glsa/201611-22
https://twitter.com/asyncphp/status/755136084917583872
https://typo3.org/security/advisory/typo3-core-sa-2016-019
https://ubuntu.com/security/notices/USN-3045-1
https://www.drupal.org/SA-CORE-2016-003
http://www.debian.org/security/2016/dsa-3631
http://www.kb.cert.org/vuls/id/797896
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/91821
http://www.securitytracker.com/id/1036335
1353794 https://bugzilla.redhat.com/show_bug.cgi?id=1353794
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVE-2016-5385 https://nvd.nist.gov/vuln/detail/CVE-2016-5385
CVE-2016-5385.YAML https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml
CVE-2016-5385.YAML https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml
CVE-2016-5385.YAML https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml
CVE-2016-5385.YAML https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml
CVE-2016-5385.YAML https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml
CVE-2016-5385.YAML https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml
CVE-2016-5385.YAML https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml
GHSA-m6ch-gg5f-wxx3 https://github.com/advisories/GHSA-m6ch-gg5f-wxx3
RHSA-2016:1609 https://access.redhat.com/errata/RHSA-2016:1609
RHSA-2016:1610 https://access.redhat.com/errata/RHSA-2016:1610
RHSA-2016:1611 https://access.redhat.com/errata/RHSA-2016:1611
RHSA-2016:1612 https://access.redhat.com/errata/RHSA-2016:1612
RHSA-2016:1613 https://access.redhat.com/errata/RHSA-2016:1613
USN-3045-1 https://usn.ubuntu.com/3045-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5385.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-5385
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-5385
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-5385
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.98735
EPSS Score 0.73661
Published At April 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.