PT-2011-1421 · Oracle · Oracle Database Server +1

Published: 2011-01-18 · Updated: 2017-08-17 · CVE-2010-3600

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Oracle Database Server versions 11.1.0.7 through 11.2.0.1
Enterprise Manager Grid Control version 10.2.0.5

Description

The issue affects confidentiality, integrity, and availability. It is related to an exposed JSP script that accepts XML uploads; when combined with NULL bytes in an unspecified parameter, this can potentially allow execution of arbitrary code.

Recommendations

For Oracle Database Server versions 11.1.0.7 through 11.2.0.1, consider restricting access to the Client System Analyzer component until a fix is available. For Enterprise Manager Grid Control version 10.2.0.5, avoid using the affected JSP script that accepts XML uploads until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2010-3600
ZDI-11-018

Affected Products

Enterprise Manager Grid Control
Oracle Database Server