7.5
CVE-2010-4417
- EPSS 78.67%
- Veröffentlicht 19.01.2011 16:00:03
- Zuletzt bearbeitet 16.06.2026 23:24:45
- Quelle secalert_us@oracle.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 78.67% | 0.995 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.vupen.com/english/advisories/2011/0143
http://www.securitytracker.com/id?1024981
http://secunia.com/advisories/42978
http://www.securityfocus.com/bid/45854
http://www.zerodayinitiative.com/advisories/ZDI-11-020/
https://exchange.xforce.ibmcloud.com/vulnerabilities/64772
https://www.exploit-db.com/exploits/38859/