HTTP: Oracle Data Quality Trillium Based Unsafe ActiveX Control

This signature detects attempts to use unsafe ActiveX controls in Oracle. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client application.

Extended Description

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, and CVE-2015-4758.

Affected Products

Oracle fusion_middleware

References

CVE: CVE-2015-0444

Short Name
HTTP:STC:ACTIVEX:ORACLE-DQ-TRLM
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX Based CVE-2015-0444 CVE-2015-4759 Control Data Oracle Quality Trillium Unsafe
Release Date
08/11/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Oracle

CVSS Score

6.8

Found a potential security threat?