APP: Oracle Database Client System Analyzer Arbitrary File Upload
This signature detects attempts to exploit a known vulnerability against Oracle Database Client System Analyzer. A successful attack can lead to the upload of an arbitrary file.
Extended Description
Oracle Database and Enterprise Manager Grid Control is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the application. This vulnerability affects Enterprise Manager Grid Control 10.2.0.5 on Oracle Database Server 11.1.0.7 and 11.2.0.1.
Affected Products
Oracle oracle11g_standard_edition
Short Name
APP:ORACLE:CLNT-SYS-ANLZR-FL-UP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Analyzer Arbitrary CVE-2010-3600 Client Database File Oracle System Upload bid:45883
Release Date
11/21/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
CVSS Score
7.5