| CVE ID | CVE-2011-2261 |
| CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
| AFFECTED VENDORS |
Oracle |
| AFFECTED PRODUCTS |
Secure Backup |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['11238']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validate_login function defined within /apache/htdocts/php/common.php. The username parameter is passed with limited sanitization to an exec_qr call which can be abused to inject commands. The sanitation that does occur can limit the exploitation of this issue, however code execution can likely still be achieved. Successful attempts will yield remote code execution under the context of the apache server. |
| ADDITIONAL DETAILS |
Oracle has issued an update to correct this vulnerability. More details can be found at:
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html |
| DISCLOSURE TIMELINE |
|
| CREDIT | Tenable Network Security |
