HTTP: Oracle Application Server Forms Arbitrary System Command Execution
This signature detects attempts to exploit a known vulnerability against Oracle Application Server. A successful attack can lead to arbitrary code execution.
Extended Description
Oracle Forms Services is susceptible to an unauthorized form execution vulnerability. Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing. It should be noted that this issue may be remotely exploited if an attacker has means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without local access.
Affected Products
Oracle oracle_reports6i
Short Name
HTTP:ORACLE:SERVER-FORMS-CE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Application Arbitrary CVE-2005-2372 Command Execution Forms Oracle Server System bid:14319
Release Date
09/15/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
CVSS Score
7.2