Lucene search
HistoryJul 26, 2005 - 4:00 a.m.
CVE-2005-2372
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.2
Confidence
Low
EPSS
0.077
Percentile
94.2%
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.
Affected configurations
Node
oracleformsMatch3.0
ORoracleformsMatch4.5
ORoracleformsMatch5.0
ORoracleformsMatch6.0
ORoracleformsMatch6i
ORoracleformsMatch9i
ORoracleformsMatch10g
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | forms | 3.0 | cpe:2.3:a:oracle:forms:3.0:*:*:*:*:*:*:* |
| oracle | forms | 4.5 | cpe:2.3:a:oracle:forms:4.5:*:*:*:*:*:*:* |
| oracle | forms | 5.0 | cpe:2.3:a:oracle:forms:5.0:*:*:*:*:*:*:* |
| oracle | forms | 6.0 | cpe:2.3:a:oracle:forms:6.0:*:*:*:*:*:*:* |
| oracle | forms | 6i | cpe:2.3:a:oracle:forms:6i:*:*:*:*:*:*:* |
| oracle | forms | 9i | cpe:2.3:a:oracle:forms:9i:*:*:*:*:*:*:* |
| oracle | forms | 10g | cpe:2.3:a:oracle:forms:10g:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2005-2372
2005-07-26 04:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2005-2372
2005-07-26 04:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.2
Confidence
Low
EPSS
0.077
Percentile
94.2%
Related for NVD:CVE-2005-2372