APP: Oracle Business Transaction Management Server FlashTunnelService Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Oracle Business Transaction Management Server. A successful attack can lead to arbitrary code execution.
Extended Description
Oracle Business Transaction Management Server is prone to a vulnerability that let attackers delete arbitrary files on an affected computer in the context of the web server. Attackers can exploit this issue with directory-traversal strings ('../') to delete arbitrary files; this may aid in launching further attacks. Oracle Business Transaction Management Server 12.1.0.2.7 is vulnerable; prior versions may also be affected.
Affected Products
Oracle business_transaction_management_server
Short Name
APP:ORACLE:BUSINESS-FLSHSVC-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Business Code Execution FlashTunnelService Management Oracle Remote Server Transaction bid:54839 bid:54870
Release Date
10/23/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3664
False Positive
Unknown
Vendors
Oracle