CVE-2021-35658

7.5 HIGH

📋 TL;DR

This vulnerability in Oracle Outside In Technology allows unauthenticated attackers to cause denial of service by crashing or hanging the software. It affects any system using Oracle Fusion Middleware with Outside In Filters version 8.5.5. The vulnerability is network-accessible via HTTP and requires no user interaction.

💻 Affected Systems

Products:
  • Oracle Fusion Middleware with Outside In Filters
Versions: 8.5.5
Operating Systems: All platforms supported by Oracle Outside In Technology
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the Outside In Technology SDKs, so impact depends on how applications implement them. Applications that pass network data directly to Outside In Technology are most vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for any application using Outside In Technology, potentially affecting multiple business processes that rely on document processing capabilities.

🟠 Likely Case

Service disruption for applications using Outside In Technology for document conversion or processing, leading to application crashes and downtime.

🟢 If Mitigated

Limited impact if network access is restricted or if input validation prevents malicious payloads from reaching the vulnerable component.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Oracle describes this as 'easily exploitable' with no authentication required. The attack vector is HTTP network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle Critical Patch Update October 2021

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2021.html

Restart Required: Yes

Instructions:

1. Review the Oracle Critical Patch Update Advisory for October 2021.
2. Download and apply the appropriate patches for your Oracle Fusion Middleware installation.
3. Restart affected services.
4. Test document processing functionality.

🔧 Temporary Workarounds

Network Segmentation (platforms: all)

Restrict network access to applications using Outside In Technology to trusted sources only

Input Validation (platforms: all)

Implement strict input validation for all data passed to Outside In Technology components

🧯 If You Can't Patch

  • Implement network controls to restrict HTTP access to affected systems
  • Monitor for abnormal crashes or hangs in applications using Outside In Technology

🔍 How to Verify

Check if Vulnerable:

Check if Oracle Fusion Middleware with Outside In Filters version 8.5.5 is installed and if applications use Outside In Technology for document processing

Check Version:

Check Oracle documentation or installation logs for Outside In Technology version information

Verify Fix Applied:

Verify that patches from Oracle CPU October 2021 have been applied and test document processing functionality

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or hangs related to document processing
  • Error logs from Outside In Technology components
  • Abnormal termination of services using Outside In

Network Indicators:

  • HTTP requests to document processing endpoints followed by service disruption
  • Unusual traffic patterns to applications using Outside In Technology

SIEM Query:

Search for application crash events or service termination events in systems running Oracle Fusion Middleware
