Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data.

Crash Dump:


wvcore.dll!oit::ParameterMap::removeListener + 0x9 (id: e0e)
sccdu.dll + 0x6D5DD (id: 570, no function symbol available)
sccdu.dll + 0x6CA80 (no function symbol available)
sccdu.dll + 0x6CADB (no function symbol available)


eax   =        0x1	xmm0  =                                0x0
ebx   =      0x568	xmm1  =                                0x0
ecx   =  0xA4C2F70	xmm2  =                                0x0
edx   =        0x0	xmm3  =                                0x0
esi   =  0xA4A0E40	xmm4  =                                0x0
edi   =  0xA4A0F88	xmm5  =                                0x0
esp   =   0xF3EC48	xmm6  =                                0x0
ebp   =   0xF3F004	xmm7  =                 0x3FF0000000000000

Disassembly of stack frame 1 at wvcore.dll!oit::ParameterMap::removeListener + 0x9

579b94bf 	7d2c	jge wvcore!oit::ParameterMap::notifyListeners+0x5d (579b94ed)
579b94c1 	8b400c	mov eax,dword ptr [eax+0Ch]
579b94c4 	8b0cb0	mov ecx,dword ptr [eax+esi*4]
579b94c7 	85c9	test ecx,ecx
579b94c9 	740d	je wvcore!oit::ParameterMap::notifyListeners+0x48 (579b94d8)
579b94cb 	8b01	mov eax,dword ptr [ecx]
579b94cd 	57	push edi
579b94ce 	ff7500	push dword ptr [ebp]
579b94d1 	ff10	call dword ptr [eax]
579b94d3 	85db	test ebx,ebx
579b94d5 	0f44d8	cmove ebx,eax
579b94d8 	46	inc esi
579b94d9 	3b7734	cmp esi,dword ptr [edi+34h]
579b94dc 	7cd2	jl wvcore!oit::ParameterMap::notifyListeners+0x20 (579b94b0)
579b94de 	5f	pop edi
579b94df 	5e	pop esi
579b94e0 	5d	pop ebp
579b94e1 	8bc3	mov eax,ebx
579b94e3 	5b	pop ebx
579b94e4 	81c4a0000000	add esp,0A0h
579b94ea 	c20400	ret 4
579b94ed 	6a01	push 1
579b94ef 	6a00	push 0
579b94f1 	6a00	push 0
579b94f3 	6a00	push 0
579b94f5 	687cfaa757	push offset wvcore!oit::ArrayList<oit::WString *>::`vbtable'+0x208 (57a7fa7c)
579b94fa 	6889000000	push 89h
579b94ff 	8d4c2428	lea ecx,[esp+28h]
579b9503 	e89825ffff	call wvcore!oit::Exception::Exception (579abaa0)
579b9508 	68242dac57	push offset wvcore!oit::Win32SystemException::`vbtable'+0x12578 (57ac2d24)
579b950d 	8d442414	lea eax,[esp+14h]
579b9511 	50	push eax
579b9512 	e8bd320b00	call wvcore!oit::Win32SystemException::clone+0x6384 (57a6c7d4)
579b9517 	6a01	push 1
579b9519 	6a00	push 0
579b951b 	6a00	push 0
579b951d 	6a00	push 0
579b951f 	6830faa757	push offset wvcore!oit::ArrayList<oit::WString *>::`vbtable'+0x1bc (57a7fa30)
579b9524 	6889000000	push 89h
579b9529 	8d4c2428	lea ecx,[esp+28h]
579b952d 	e86e25ffff	call wvcore!oit::Exception::Exception (579abaa0)
579b9532 	68242dac57	push offset wvcore!oit::Win32SystemException::`vbtable'+0x12578 (57ac2d24)
579b9537 	8d442414	lea eax,[esp+14h]
579b953b 	50	push eax
579b953c 	e893320b00	call wvcore!oit::Win32SystemException::clone+0x6384 (57a6c7d4)
579b9541 	cc	int 3
579b9542 	cc	int 3
579b9543 	cc	int 3
579b9544 	cc	int 3
579b9545 	cc	int 3
579b9546 	cc	int 3
579b9547 	cc	int 3
579b9548 	cc	int 3
579b9549 	cc	int 3
579b954a 	cc	int 3
579b954b 	cc	int 3
579b954c 	cc	int 3
579b954d 	cc	int 3
579b954e 	cc	int 3
579b954f 	cc	int 3
579b9550 	81ec40010000	sub esp,140h
579b9556 	33d2	xor edx,edx
579b9558 	56	push esi
579b9559 	8b7134	mov esi,dword ptr [ecx+34h] // current instruction
579b955c 	85f6	test esi,esi
579b955e 	7e32	jle wvcore!oit::ParameterMap::removeListener+0x42 (579b9592)
579b9560 	57	push edi
579b9561 	8bbc244c010000	mov edi,dword ptr [esp+14Ch]
579b9568 	85d2	test edx,edx
579b956a 	0f88cb000000	js wvcore!oit::ParameterMap::removeListener+0xeb (579b963b)
579b9570 	3bd6	cmp edx,esi
579b9572 	0f8dc3000000	jge wvcore!oit::ParameterMap::removeListener+0xeb (579b963b)
579b9578 	8b4130	mov eax,dword ptr [ecx+30h]
579b957b 	3b5008	cmp edx,dword ptr [eax+8]
579b957e 	0f8d8d000000	jge wvcore!oit::ParameterMap::removeListener+0xc1 (579b9611)
579b9584 	8b400c	mov eax,dword ptr [eax+0Ch]
579b9587 	393c90	cmp dword ptr [eax+edx*4],edi
579b958a 	7410	je wvcore!oit::ParameterMap::removeListener+0x4c (579b959c)
579b958c 	42	inc edx
579b958d 	3bd6	cmp edx,esi
579b958f 	7cd7	jl wvcore!oit::ParameterMap::removeListener+0x18 (579b9568)
579b9591 	5f	pop edi
579b9592 	5e	pop esi
579b9593 	81c440010000	add esp,140h
579b9599 	c20400	ret 4
579b959c 	3bd6	cmp edx,esi
579b959e 	7d47	jge wvcore!oit::ParameterMap::removeListener+0x97 (579b95e7)
579b95a0 	8b4130	mov eax,dword ptr [ecx+30h]
579b95a3 	3b5008	cmp edx,dword ptr [eax+8]
579b95a6 	7d15	jge wvcore!oit::ParameterMap::removeListener+0x6d (579b95bd)
579b95a8 	8b400c	mov eax,dword ptr [eax+0Ch]
579b95ab 	5f	pop edi
579b95ac 	5e	pop esi
579b95ad 	c7049000000000	mov dword ptr [eax+edx*4],0
579b95b4 	81c440010000	add esp,140h
579b95ba 	c20400	ret 4
579b95bd 	6a01	push 1
579b95bf 	6a00	push 0
579b95c1 	6a00	push 0
579b95c3 	6a00	push 0
579b95c5 	687cfaa757	push offset wvcore!oit::ArrayList<oit::WString *>::`vbtable'+0x208 (57a7fa7c)
579b95ca 	6889000000	push 89h
579b95cf 	8d4c2420	lea ecx,[esp+20h]
579b95d3 	e8c824ffff	call wvcore!oit::Exception::Exception (579abaa0)
579b95d8 	68242dac57	push offset wvcore!oit::Win32SystemException::`vbtable'+0x12578 (57ac2d24)
579b95dd 	8d44240c	lea eax,[esp+0Ch]
579b95e1 	50	push eax
579b95e2 	e8ed310b00	call wvcore!oit::Win32SystemException::clone+0x6384 (57a6c7d4)
579b95e7 	6a01	push 1
579b95e9 	6a00	push 0
579b95eb 	6a00	push 0
579b95ed 	6a00	push 0
579b95ef 	688000a857	push offset wvcore!oit::ArrayList<oit::PipelineStage *>::`vbtable'+0xa8 (57a80080)