7.5

CVE-2010-4417

EPSS 72.46%
Veröffentlicht 19.01.2011 16:00:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Beehive Version2.0.1.0

Oracle ≫ Beehive Version2.0.1.1

Oracle ≫ Beehive Version2.0.1.2

Oracle ≫ Beehive Version2.0.1.2.1

Oracle ≫ Beehive Version2.0.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	72.46%	0.986

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0143

Vendor Advisory

http://www.securitytracker.com/id?1024981

http://secunia.com/advisories/42978

Vendor Advisory

http://www.securityfocus.com/bid/45854

http://www.zerodayinitiative.com/advisories/ZDI-11-020/

https://exchange.xforce.ibmcloud.com/vulnerabilities/64772

https://www.exploit-db.com/exploits/38859/

https://nvd.nist.gov/vuln/detail/CVE-2010-4417

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-4417

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-4417

EUVD