7.5

CVE-2010-4417

EPSS 72.46%
Published 19.01.2011 16:00:03
Last modified 11.04.2025 00:51:21
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Beehive Version2.0.1.0

Oracle ≫ Beehive Version2.0.1.1

Oracle ≫ Beehive Version2.0.1.2

Oracle ≫ Beehive Version2.0.1.2.1

Oracle ≫ Beehive Version2.0.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	72.46%	0.986

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0143

Vendor Advisory

http://www.securitytracker.com/id?1024981

http://secunia.com/advisories/42978

Vendor Advisory

http://www.securityfocus.com/bid/45854

http://www.zerodayinitiative.com/advisories/ZDI-11-020/

https://exchange.xforce.ibmcloud.com/vulnerabilities/64772

https://www.exploit-db.com/exploits/38859/

https://nvd.nist.gov/vuln/detail/CVE-2010-4417

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-4417

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-4417

EUVD