Oracle Communications Diameter Signaling Router up to 8.4.0.5 denial of service


A vulnerability classified as critical has been found in Oracle Communications Diameter Signaling Router up to 8.4.0.5 (Cloud Software). The affected code is not known. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:35 AM | 11/22/2020 07:37 PM | 11/22/2020 07:41 PM |
|---|---|---|---|
| vendor | Oracle | Oracle | Oracle |
| name | Communications Diameter Signaling Router | Communications Diameter Signaling Router | Communications Diameter Signaling Router |
| cve | CVE-2019-11048 | CVE-2019-11048 | CVE-2019-11048 |
| risk | 2 | 2 | 2 |
| cwe | 404 | 404 | 404 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | <=8.4.0.5 | <=8.4.0.5 | <=8.4.0.5 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| type | Cloud Software | Cloud Software | Cloud Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 4.4 | 4.4 | 4.4 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_meta_tempscore | 5.1 | 5.1 | 5.1 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 5.0 | 5.0 | 5.0 |

cve_assigned: 1554760800 | 1554760800
cve_nvd_summary: In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. | In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
confirm_url: https://security.netapp.com/advisory/ntap-20200528-0006/ | https://security.netapp.com/advisory/ntap-20200528-0006/
cvss2_nvd_av: N
cvss2_nvd_ac: L
cvss2_nvd_au: N
cvss2_nvd_ci: N
cvss2_nvd_ii: N
cvss2_nvd_ai: P
cve_cna: PHP Group
