PT-2004-2285 · Oracle · Oracle 10G Application Server

David Litchfield

Publicado

2004-08-04

Atualizado

2017-07-11

CVE-2004-1368

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Oracle 10g Application Server

Description: The issue allows remote attackers to execute arbitrary files. This is achieved by providing an absolute pathname in the file parameter to the load.uix script in ISQL*Plus.

Recommendations: For Oracle 10g Application Server, consider restricting access to the load.uix script to prevent exploitation. As a temporary workaround, avoid using absolute pathnames in the file parameter until a fix is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1368

Produtos afetados

Oracle 10G Application Server

PT-2004-2285 · Oracle · Oracle 10G Application Server

CVE-2004-1368

Identificadores relacionados

Produtos afetados

Referências · 9