SRC-2016-0025 : Oracle Knowledge Management Forum Attachment Upload Remote Code Execution Vulnerability

2015-02-10 00:00:00
Steven Seeley of Source Incite
srcincite.io

CVSS2: 8.5 (AV:N/AC:L/Au:S/C:C/I:C/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: NONE

CVSS3: 6.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: HIGH
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: NONE

EPSS: 0.021 (Percentile: 89.2%)

Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Knowledge Management. Authentication is not required to exploit this vulnerability.

The infocenter forum application allows remote attackers to write arbitrary files into the web application root directory using the fileattached parameter. An attacker could leverage this to execute arbitrary code under the context of SYSTEM.
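The root cause described above is an attachment name that is written wherever the client says. As an added illustration, not code from the advisory or from the product, here is a defensive validator for such a parameter: it refuses any name that could leave the attachment store, accepts only an allowlisted extension, and pins the final path to a store directory that is assumed to sit outside the web application root. The parameter name `fileattached` comes from the advisory; `ALLOWED_EXTENSIONS`, `store_root` and the helper names are assumptions.

```python
import os
import re

# Constructed allowlist of attachment types a forum might accept; the real
# product's policy is not known from the advisory, so this is an assumption.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg", ".jpeg", ".gif", ".zip"}
# A bare basename: leading alphanumeric, no separators, bounded length.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")

class RejectedAttachment(ValueError):
    """Raised when a client-supplied attachment name fails validation."""

def validate_attachment_name(fileattached: str) -> str:
    """Return a safe basename for the client-supplied name, or raise.

    Refuses anything that could steer the write out of the attachment store
    (separators, traversal, absolute paths, NUL bytes) and any extension not
    on the allowlist, so a server-side script can never be stored by name.
    """
    if not isinstance(fileattached, str) or "\x00" in fileattached:
        raise RejectedAttachment("invalid characters in name")
    # Treat backslash like slash so Windows-style traversal is caught too.
    name = fileattached.replace("\\", "/")
    if "/" in name:
        raise RejectedAttachment("path components not allowed")
    if not _SAFE_NAME.fullmatch(name):
        raise RejectedAttachment("name contains disallowed characters")
    # Only the final extension is checked; the store must still sit outside
    # the web root and never be served as executable content.
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        raise RejectedAttachment("extension not allowed")
    return name

def attachment_path(store_root: str, fileattached: str) -> str:
    """Resolve the on-disk path and assert it stays under store_root, which
    is assumed to live outside the web application root."""
    root = os.path.realpath(store_root)
    dest = os.path.realpath(os.path.join(root, validate_attachment_name(fileattached)))
    if os.path.commonpath([root, dest]) != root:
        raise RejectedAttachment("resolved path escaped the attachment store")
    return dest

def is_rejected(fileattached: str) -> bool:
    # True if the name would be refused; handy for tests and log review.
    try:
        validate_attachment_name(fileattached)
    except RejectedAttachment:
        return True
    return False
```

The extension check alone is not a defence: the store directory must also be outside the web root and served only as static, non-executable content.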

Affected Vendors:

Oracle

Affected Products:

Oracle Knowledge Management

Vendor Response:

Oracle has issued an update to correct this vulnerability. More details can be found at:
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Proof of Concept:

https://github.com/sourceincite/poc/blob/master/SRC-2016-0025.zip
