CVE-2010-4417

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 2.0.1.0 through 2.0.1.3

Description The issue affects confidentiality, integrity, and availability. It is related to the handling of null bytes in the evaluation parameter used in a filename, potentially allowing attackers to create a file with an executable extension and execute arbitrary JSP code via unknown vectors.

Recommendations For versions 2.0.1.0 through 2.0.1.3, consider restricting access to the voice-servlet component until a patch is available. As a temporary workaround, avoid using the evaluation parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.