CVE-2021-35660

7.5 HIGH (CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: network, no authentication, availability impact only)

📋 TL;DR

This vulnerability in Oracle Outside In Technology (Outside In Filters component, version 8.5.5) lets an unauthenticated attacker cause a hang or a frequently repeatable crash of the software, i.e. a complete denial of service, by supplying a malformed document to the filters. Oracle scores it over HTTP with no authentication because the CVSS rating assumes the embedding application passes data received from the network straight into the Outside In code; where the data does not arrive over a network the real-world score is lower. Outside In is a suite of SDKs, so any product that embeds it, not only Oracle Fusion Middleware, is exposed wherever it parses untrusted files.

💻 Affected Systems

Products:
  • Oracle Fusion Middleware (Outside In Filters component)
  • Any third-party software using Oracle Outside In Technology SDK
Versions: 8.5.5
Operating Systems: All platforms supported by Oracle Outside In Technology
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the SDK itself, so any software using Oracle Outside In Technology 8.5.5 is potentially affected. Impact depends on how the SDK is integrated and whether it processes network data.

📦 What is this software?

Oracle Outside In Technology is a set of SDKs from Oracle for identifying, extracting text from, converting and rendering several hundred document, spreadsheet, presentation, image and archive formats. It is rarely used directly by end users; it is embedded in other products (Oracle Fusion Middleware, and many third-party content management, e-discovery, mail gateway, DLP and search products) that need to parse files they did not create. The filters are the format-specific parsers, which is why a single flaw in the SDK surfaces in every product that ships it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service of every application that routes untrusted files through Outside In, with repeatable crashes or hung worker processes disrupting the business processes that depend on document conversion, indexing or preview.

🟠

Likely Case

Service disruption for applications that use Outside In to process files: parser crashes or hangs that take the worker or the whole application down and require restarts, and that the attacker can repeat as long as the endpoint accepts uploads.

🟢

If Mitigated

Limited impact if the document endpoints are reachable only by trusted sources, parsing runs in a disposable, resource-limited worker with a timeout so that a crash or hang affects only one request, and size and file-type checks reject obviously malformed input before it reaches the filters. Because no public trigger is known, input validation alone cannot be relied on to filter the malicious file; isolation is what bounds the impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Oracle's advisory describes the vulnerability as 'easily exploitable' by an unauthenticated attacker with network access via HTTP, with the protocol and score depending on how the embedding software feeds data to the SDK. The flaw is in the document parsing filters, so the trigger is a crafted file rather than a particular request pattern.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Outside In Technology 8.5.5 fixed in the Oracle Critical Patch Update of October 2021; apply that CPU or a later one

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2021.html

Restart Required: Yes

Instructions:

1. Review the Oracle Critical Patch Update Advisory for October 2021.
2. Apply the appropriate patch for your Oracle Fusion Middleware installation.
3. Restart affected services.
4. For third-party software using Outside In Technology, contact the vendor for an updated release that bundles the patched SDK.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all platforms

Restrict network access to applications using Outside In Technology to trusted sources only

Input Validation

Applies to: all platforms

Implement strict input validation (size limits, allowlisted file types checked by content rather than by extension or Content-Type header) before passing data to Outside In Technology, and run the filters in an isolated worker with a timeout

🧯 If You Can't Patch

  • Require authentication and apply rate limits on document upload and conversion endpoints; a WAF can block obviously anomalous traffic, but it cannot reliably recognise the malformed file that triggers a parser crash
  • Run Outside In in a separate, resource-limited worker process (CPU and memory limits, a hard timeout, automatic restart) so a crash or hang loses one request instead of the whole service
  • Isolate affected systems in segmented network zones with strict access controls
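The following is an added example, not Oracle code and not part of the original advisory, showing the two mitigations above (content-based input validation, and isolating the parser so that a crash or hang cannot take the service down). The magic-byte allowlist is constructed for the example, and `demo_parser` is a hypothetical stand-in for the real SDK call that deliberately hangs or dies on cue so the wrapper can be exercised offline.

```python
"""Pre-filter untrusted documents and run the parser in a disposable child.
Added example; demo_parser stands in for an Outside In filter call."""
import multiprocessing as mp
import os
import time

MAX_BYTES = 25 * 1024 * 1024           # reject oversized uploads before parsing
PARSE_TIMEOUT_S = 2                    # a hung filter is killed after this
MEMORY_LIMIT_BYTES = 512 * 1024 * 1024  # address-space cap for the child

# Allowlist by leading bytes, not by extension or Content-Type. Constructed for
# the example; extend it to the formats your application actually accepts.
ALLOWED_MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "ooxml",                         # .docx/.xlsx/.pptx
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",    # legacy .doc/.xls/.ppt
}

# fork keeps the worker cheap on Linux; fall back to the platform default.
try:
    _ctx = mp.get_context("fork")
except ValueError:
    _ctx = mp.get_context()


def identify(data: bytes):
    """Return the allowlisted format name, or None if the header is unknown."""
    for magic, kind in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def demo_parser(data: bytes) -> str:
    """Hypothetical stand-in for the SDK call; misbehaves on cue for testing."""
    if b"HANG" in data:
        time.sleep(60)                 # simulate a filter that never returns
    if b"CRASH" in data:
        os._exit(139)                  # simulate a SIGSEGV-style death
    return f"parsed {len(data)} bytes"


def _child(parser, data, conn):
    """Runs in the disposable process: cap memory, parse, report back."""
    try:
        import resource
        resource.setrlimit(resource.RLIMIT_AS, (MEMORY_LIMIT_BYTES, MEMORY_LIMIT_BYTES))
    except (ImportError, ValueError, OSError):
        pass                           # non-POSIX or not permitted; timeout still applies
    try:
        conn.send(("ok", parser(data)))
    except Exception as exc:           # parser raised instead of crashing
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def safe_parse(data: bytes, parser=demo_parser):
    """Validate, then parse in a child with a timeout and memory cap.

    Returns (status, detail). The calling service itself never hangs or dies:
    a bad document costs one worker process, not the application."""
    if len(data) > MAX_BYTES:
        return ("rejected", "size")
    kind = identify(data)
    if kind is None:
        return ("rejected", "type")
    parent, child = _ctx.Pipe(duplex=False)
    proc = _ctx.Process(target=_child, args=(parser, data, child))
    proc.start()
    child.close()                      # parent keeps only the read end
    proc.join(PARSE_TIMEOUT_S)
    if proc.is_alive():                # hang: kill the worker, keep serving
        proc.kill()
        proc.join()
        return ("timeout", kind)
    try:
        return parent.recv()           # child sent a result before exiting
    except EOFError:                   # child died without reporting
        return ("crashed", f"exit code {proc.exitcode}")


if __name__ == "__main__":
    for sample in (b"%PDF-1.4 hello", b"GIF89a", b"%PDF-CRASH", b"%PDF-HANG"):
        print(sample[:12], "->", safe_parse(sample))
```

In a real deployment the child would call the SDK (or a small native helper that links it) and the parent would also apply a rate limit per client, since the attacker's goal is simply to keep killing workers; the wrapper turns a service-wide outage into a bounded per-request cost.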

🔍 How to Verify

Check if Vulnerable:

Check if any applications use Oracle Outside In Technology version 8.5.5. Review application documentation or contact vendors to confirm SDK usage.

Check Version:

Specific commands vary by implementation. For Oracle products, check the installed patch level with `opatch lsinventory` (from the Oracle home's OPatch directory) or through Oracle Universal Installer. For third-party products, the Outside In SDK version is usually only visible in the vendor's release notes or in the version information of the bundled filter libraries; ask the vendor which SDK build they ship.

Verify Fix Applied:

Verify patch installation through Oracle patch management tools (the October 2021 CPU patch should appear in the OPatch inventory) or by checking version information in application components, then confirm that document conversion still works and that previously failing files, if any were captured, no longer crash or hang the worker.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or hangs related to document processing
  • Error logs mentioning Outside In Technology or document filter failures
  • Unusual HTTP requests to document processing endpoints

Network Indicators:

  • HTTP requests to document processing services followed by service unavailability
  • Repeated connection attempts to document parsing endpoints

SIEM Query:

Illustrative Splunk-style search; field and source names are placeholders to be replaced with those of your own application logs:

source="application_logs" process="document_processing" ("crash" OR "hang" OR "signal 11" OR "Outside In")
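The log and network indicators above combine into one detection: a request to a document-processing endpoint followed shortly by a filter crash or hang, repeated from the same source. This added example (not part of the original page) implements that correlation over constructed log lines in a hypothetical format; the regexes, endpoint path and thresholds are assumptions to be adapted to your own logs.

```python
"""Correlate document-endpoint requests with parser crashes/hangs per source.
Added example over a constructed, hypothetical log format."""
import re
from datetime import datetime, timedelta

# Constructed sample: two requests from one client each followed by a filter
# failure, one request from another client that completed normally.
SAMPLE_LOG = """\
2021-10-20T10:00:01Z INFO  src=203.0.113.7 POST /api/convert file=report.docx
2021-10-20T10:00:02Z ERROR worker pid=4412 exited with signal 11 while running Outside In filter
2021-10-20T10:00:09Z INFO  src=203.0.113.7 POST /api/convert file=report2.docx
2021-10-20T10:00:30Z ERROR worker pid=4418 hang detected in document filter, killed after 20s
2021-10-20T10:01:00Z INFO  src=198.51.100.5 POST /api/convert file=invoice.pdf
2021-10-20T10:01:01Z INFO  conversion of invoice.pdf ok
"""

TS_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(.*)$")
REQUEST_RE = re.compile(r"src=(?P<src>\S+)\s+POST\s+/api/convert")        # assumed endpoint
FAILURE_RE = re.compile(r"crash|hang|signal 1[1-9]|Outside In|document filter", re.I)


def _parse(line):
    m = TS_RE.match(line)
    if not m:
        return None, None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"), m.group(2)


def correlate_filter_failures(lines, window_s=30):
    """Map source -> number of its requests followed by a filter failure.

    Each failure is attributed to the most recent unmatched request within
    window_s seconds, so one failure never counts against two requests."""
    pending = []          # (time, src) requests not yet matched to a failure
    counts = {}
    window = timedelta(seconds=window_s)
    for line in lines:
        ts, msg = _parse(line)
        if ts is None:
            continue
        req = REQUEST_RE.search(msg)
        if req:
            pending.append((ts, req.group("src")))
            continue
        if FAILURE_RE.search(msg):
            for i in range(len(pending) - 1, -1, -1):
                rts, src = pending[i]
                if ts - rts <= window:
                    counts[src] = counts.get(src, 0) + 1
                    del pending[i]
                    break
    return counts


def alerts(lines, window_s=30, threshold=2):
    """Sources whose requests were followed by >= threshold filter failures."""
    counts = correlate_filter_failures(lines, window_s)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(correlate_filter_failures(SAMPLE_LOG.splitlines()))
    print(alerts(SAMPLE_LOG.splitlines()))
```

A single crash can be a benign malformed file; the repeated pairing of request and failure from one source within a short window is what distinguishes an attacker probing or hammering the endpoint from ordinary breakage, which is why the alert counts correlated pairs rather than raw error lines.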

🔗 References

  • Oracle Critical Patch Update Advisory, October 2021: https://www.oracle.com/security-alerts/cpuoct2021.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-35660