Oracle.Application.Server.Arbitrary.System.Command.Execution
Description
It indicates a possible exploit of a Servlet Command Execution vulnerability in Oracle Forms.
Oracle Forms starts forms (.fmx files) from arbitrary directories and executes them with Oracle or System user privileges. Attackers can execute arbitrary code by uploading a specially crafted .fmx file and referencing it using an absolute pathname argument.
Affected Products
Oracle Forms 4.5 through 10g
Impact
Compromise of the affected system.
Recommended Actions
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |