PT-2004-2285 · Oracle · Oracle 10G Application Server

David Litchfield

Published

2004-08-04

Updated

2017-07-11

CVE-2004-1368

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Oracle 10g Application Server

Description: The issue allows remote attackers to execute arbitrary files. This is achieved by providing an absolute pathname in the file parameter to the load.uix script in ISQL*Plus.

Recommendations: For Oracle 10g Application Server, consider restricting access to the load.uix script to prevent exploitation. As a temporary workaround, avoid using absolute pathnames in the file parameter until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1368

Affected Products

Oracle 10G Application Server

PT-2004-2285 · Oracle · Oracle 10G Application Server

CVE-2004-1368

Related Identifiers

Affected Products

References · 9