| CVE ID | CVE-2010-0906 |
| CVSS SCORE | 9.0, AV:N/AC:L/Au:S/C:C/I:C/A:C |
| AFFECTED VENDORS |
Oracle |
| AFFECTED PRODUCTS |
Secure Backup |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['8778']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server. |
| ADDITIONAL DETAILS |
Oracle has issued an update to correct this vulnerability. More details can be found at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html |
| DISCLOSURE TIMELINE |
|
| CREDIT | Anonymous |
