CVE-2010-3600

2011-01-1916:00:03

[email protected]

web.nvd.nist.gov

cve-2010-3600

oracle

database server

enterprise manager

unspecified vulnerability

remote attackers

confidentiality

integrity

availability

arbitrary code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.972 High

EPSS

Percentile

99.8%

JSON

Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.

Affected configurations

NVD

Node

oracledatabase_serverMatch11.1.0.7

oracledatabase_serverMatch11.2.0.1

oracleenterprise_manager_grid_controlMatch10.2.0.5

CPENameOperatorVersion
oracle:database_serveroracle database servereq11.1.0.7
oracle:database_serveroracle database servereq11.2.0.1
oracle:enterprise_manager_grid_controloracle enterprise manager grid controleq10.2.0.5

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	11.1.0.7
oracle:database_server	oracle database server	eq	11.2.0.1
oracle:enterprise_manager_grid_control	oracle enterprise manager grid control	eq	10.2.0.5