Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:ORACLE:SERVER-FORMS-CE |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Application Server Forms Arbitrary System Command Execution |
Release Date |
2010/09/15 |
Update Number |
1773 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Oracle Application Server Forms Arbitrary System Command Execution
This signature detects attempts to exploit a known vulnerability against Oracle Application Server. A successful attack can lead to arbitrary code execution.
Extended Description
Oracle Forms Services is susceptible to an unauthorized form execution vulnerability. Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing. It should be noted that this issue may be remotely exploited if an attacker has means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without local access.
Affected Products
- Oracle forms_and_reports 10g
- Oracle forms_and_reports 4.5.10 .22
- Oracle forms_and_reports 5.0.0
- Oracle forms_and_reports 6.0.8 .25
- Oracle forms_and_reports 6i
- Oracle forms_and_reports 9i
- Oracle oracle_reports_10g 9.0.0
- Oracle oracle_reports_10g 9.0.1
- Oracle oracle_reports_10g 9.0.2
- Oracle oracle_reports_10g 9.0.3
- Oracle oracle_reports_10g 9.0.4
- Oracle oracle_reports_10g 9.0.4 .3.3
- Oracle oracle_reports_6
- Oracle oracle_reports6i 6.0.8
- Oracle oracle_reports6i 6.0.8 .19
- Oracle oracle_reports_9i
References
- BugTraq: 14319
- CVE: CVE-2005-2372