CVE-2010-4417

Oracle Fusion Middleware <2.0.1.3 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/38859

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by 1c239c43f521145fa8385d64a9c32243 · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/oracle_beehive_evaluation.rb

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/42978

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024981

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0143

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-11-020/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64772

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45854

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/38859/

Scores

EPSS 0.7246

EPSS Percentile 98.8%

Details

Status published

Products (5)

oracle/beehive 2.0.1.0

oracle/beehive 2.0.1.1

oracle/beehive 2.0.1.2

oracle/beehive 2.0.1.2.1

oracle/beehive 2.0.1.3

Published Jan 19, 2011

Tracked Since Feb 18, 2026