CVE-2010-3600
Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability
Public Exploits: 2
Exploited in Wild: -
Descriptions
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability.
The specific flaw exists within a JSP script exposed via an HTTPS server that runs by default on TCP port 1158. The script allows clients to upload XML files to the server. However, if a NULL byte is supplied within a POST parameter during a request to this JSP page, the process fails to properly append the XML extension to the created file. An attacker can abuse this to upload executable code, which can later be accessed remotely, allowing code execution on the server system.
Timeline
- 2010-09-20 CVE Reserved
- 2011-01-18 CVE Published
- 2012-11-15 First Exploit
- 2024-08-07 CVE Updated
- 2024-09-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (11)
URL | Tag |
---|---|
http://www.securityfocus.com/bid/45883 | Vdb Entry |
http://www.securitytracker.com/id?1024972 | Vdb Entry |
http://www.zerodayinitiative.com/advisories/ZDI-11-018 | X_refsource_misc |
https://exchange.xforce.ibmcloud.com/vulnerabilities/64755 | Vdb Entry |

URL | Date |
---|---|
https://www.exploit-db.com/exploits/22714 | 2012-11-15 |
https://github.com/LAITRUNGMINHDUC/CVE-2010-3600-PythonHackOracle11gR2 | 2018-07-20 |

URL | Date |
---|---|
http://secunia.com/advisories/42895 | 2017-08-17 |
http://secunia.com/advisories/42921 | 2017-08-17 |
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html | 2017-08-17 |
http://www.vupen.com/english/advisories/2011/0139 | 2017-08-17 |
http://www.vupen.com/english/advisories/2011/0140 | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Oracle | Database Server | 11.1.0.7 | - | Affected |
Oracle | Database Server | 11.2.0.1 | - | Affected |
Oracle | Enterprise Manager Grid Control | 10.2.0.5 | - | Affected |