Signature Detail
Short Name |
APP:ORACLE:CLNT-SYS-ANLZR-FL-UP |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Oracle Database Client System Analyzer Arbitrary File Upload |
Release Date |
2012/11/21 |
Update Number |
2205 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Oracle Database Client System Analyzer Arbitrary File Upload
This signature detects attempts to exploit a known vulnerability against Oracle Database Client System Analyzer. A successful attack can lead to the upload of an arbitrary file.
Extended Description
Oracle Database and Enterprise Manager Grid Control is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the application. This vulnerability affects Enterprise Manager Grid Control 10.2.0.5 on Oracle Database Server 11.1.0.7 and 11.2.0.1.
Affected Products
- Oracle Enterprise Manager Grid Control 10g 10.2.0.5
- Oracle Oracle11g Enterprise Edition 11.1.0 6
- Oracle Oracle11g Enterprise Edition 11.1.0.7
- Oracle Oracle11g Enterprise Edition 11.2.0.1.0
- Oracle Oracle11g Standard Edition 11.1.0 6
- Oracle Oracle11g Standard Edition 11.1.0.7
- Oracle Oracle11g Standard Edition 11.2.0.1.0
- Oracle Oracle11g Standard Edition One 11.1.0 6
References
- BugTraq: 45883
- CVE: CVE-2010-3600