Alias(es) | ORACLE.Reports.Servlet.Command.Execution.Attempt |
Release Date | Sep 27, 2005 |
Severity | high |
Impact | Compromise of the affected system. |
Description | It indicates a possible exploit of a Servlet Command Execution vulnerability in Oracle Forms. Oracle Forms starts forms (.fmx files) from arbitrary directories and executes them with Oracle or System user privileges. Attackers can execute arbitrary code by uploading a specially crafted .fmx file and referencing it using an absolute pathname argument. |
Affected Products | Oracle Forms 4.5 through 10g |
Recommended Actions | Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available. |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2005-2372, CVE-2005-2371 |
Reference/s | http://www.securityfocus.com/bid/14309 (BugTraq) |