Lucene search
RgodZDI-10-123HistoryJul 13, 2010 - 12:00 a.m.
Oracle Secure Backup Administration Authentication Bypass Vulnerability
2010-07-1300:00:00
rgod
www.zerodayinitiative.com
13
0.107 Low
EPSS
Percentile
95.1%
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are specified via the URI it is possible for an attacker to bypass the authentication mechanism and reach functionality otherwise inaccessible without proper credentials. This can be leveraged by remote attackers to trigger what were post-auth vulnerabilities without valid credentials.
Related
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2010-07-13 22:30:00
Design/Logic Flaw
2010-07-13 22:30:00
zdi
zdi
nvd
nvd
CVE-2010-0904
2010-07-13 22:30:01
CVE-2010-0907
2010-07-13 22:30:02
cvelist
cvelist
CVE-2010-0904
2010-07-13 22:07:00
CVE-2010-0907
2010-07-13 22:07:00
cve
cve
CVE-2010-0904
2010-07-13 22:30:01
CVE-2010-0907
2010-07-13 22:30:02
nessus
nessus
Oracle Secure Backup Administration Server login.php Authentication Bypass
2010-07-16 00:00:00
packetstorm
packetstorm
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
2011-08-21 00:00:00
securityvulns
securityvulns
Oracle / Sun applications multiple security vulneraebilities
2010-07-20 00:00:00
Oracle Critical Patch Update Advisory - July 2010
2010-07-15 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00