CVE-2010-3600

Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability

  • Severity Score: 7.5 (CVSS v2)
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability.
The specific flaw exists within a JSP script exposed via an HTTPS server that runs by default on TCP port 1158. The script allows clients to upload XML files to the server. However, if a NULL byte is supplied within a POST parameter during a request to this JSP page, the process fails to properly append the XML extension to the created file. An attacker can abuse this to upload executable code, which can later be accessed remotely, allowing code execution on the server system.
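
An added example (not Oracle's code and not from the advisory) of the failure mode described above and a server-side check that closes it. It assumes the extension is lost because a C-string file API stops reading the name at the first NUL, which the page does not state; all function names and sample values are constructed.

```python
import re

# Assumption: stored base names are limited to a conservative character set.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def name_seen_by_c_api(path: str) -> str:
    """Model a C-string file API: everything from the first NUL on is ignored."""
    return path.split("\x00", 1)[0]


def naive_target(param: str) -> str:
    """Pattern described above: the extension is appended to the raw parameter."""
    return param + ".xml"


def hardened_target(param: str) -> str:
    """Validate the client-supplied base name before building the stored name."""
    if "\x00" in param:
        raise ValueError("NUL byte in file name parameter")
    if not _SAFE_NAME.fullmatch(param):
        raise ValueError("file name parameter outside allowed character set")
    return param + ".xml"


def is_rejected(param: str) -> bool:
    """True when the hardened builder refuses the parameter."""
    try:
        hardened_target(param)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not taken from any real request.
    for sample in ("inventory", "inventory.txt\x00", "../inventory"):
        naive = name_seen_by_c_api(naive_target(sample))
        verdict = "rejected" if is_rejected(sample) else hardened_target(sample)
        print(f"{sample!r}: naive file on disk={naive!r}, hardened={verdict}")
```

The same rule applies in any language: reject the request when the parameter contains a NUL or anything outside the allow-list, instead of trying to strip the byte and continue.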

*Credits: 1c239c43f521145fa8385d64a9c32243
CVSS Scores
  • Attack Vector: Network; Attack Complexity: Low; Authentication: None; Confidentiality: Partial; Integrity: Partial; Availability: Partial
  • Attack Vector: Network; Attack Complexity: Low; Authentication: None; Confidentiality: Complete; Integrity: Complete; Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2010-09-20 CVE Reserved
  • 2011-01-18 CVE Published
  • 2012-11-15 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-09-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
Affected Vendors, Products, and Versions
Vendor  Product                          Version   Other  Status
Oracle  Database Server                  11.1.0.7  -      Affected
Oracle  Database Server                  11.2.0.1  -      Affected
Oracle  Enterprise Manager Grid Control  10.2.0.5  -      Affected