CVE-2009-1978 - Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 all

CVE-2009-1978

Summary

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php.

References

Vulnerable Configurations

cpe:2.3:a:oracle:secure_backup:10.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_backup:10.2.0.3:*:*:*:*:*:*:*

CVSS

Base:	9.0 (as of 17-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:C/A:C

d2sec via4

name	Oracle Secure Backup 10.3.0.1 RCE
url	http://www.d2sec.com/exploits/oracle_secure_backup_10.3.0.1_rce.html

refmap via4

bid	35678
confirm	http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
misc	http://www.zerodayinitiative.com/advisories/ZDI-09-059/
osvdb	55904
sectrack	1022565
secunia	35776
vupen	ADV-2009-1900
xf	oracle-sb-sbc-unspecified(51762)

saint via4

bid	35678
description	Oracle Secure Backup property_box.php type parameter command execution
id	database_oracle_backupver
osvdb	55904
title	oracle_secure_backup_property_box_type
type	remote

Last major update

17-08-2017 - 01:30

Published

14-07-2009 - 23:30

Last modified

17-08-2017 - 01:30