Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:ORACLE:CLNT-SYS-ANLZR-FL-UP |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Oracle Database Client System Analyzer Arbitrary File Upload |
Release Date |
2012/11/21 |
Update Number |
2205 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Oracle Database Client System Analyzer Arbitrary File Upload
This signature detects attempts to exploit a known vulnerability against Oracle Database Client System Analyzer. A successful attack can lead to the upload of an arbitrary file.
Extended Description
Oracle Database and Enterprise Manager Grid Control is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the application. This vulnerability affects Enterprise Manager Grid Control 10.2.0.5 on Oracle Database Server 11.1.0.7 and 11.2.0.1.
Affected Products
- Oracle enterprise_manager_grid_control_10g 10.2.0.5
- Oracle oracle11g_enterprise_edition 11.1.0 6
- Oracle oracle11g_enterprise_edition 11.1.0.7
- Oracle oracle11g_enterprise_edition 11.2.0.1.0
- Oracle oracle11g_standard_edition 11.1.0 6
- Oracle oracle11g_standard_edition 11.1.0.7
- Oracle oracle11g_standard_edition 11.2.0.1.0
- Oracle oracle11g_standard_edition_one 11.1.0 6
References
- BugTraq: 45883
- CVE: CVE-2010-3600