CVE-2010-3595 - Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.

CVE-2010-3595

Summary

Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).

References

Vulnerable Configurations

cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 10-10-2018 - 20:04)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:N/A:N

refmap via4

bid	45849
bugtraq	20110125 [DSECRG-11-007] Oracle Document Capture ImportBodyText - read files
confirm	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
exploit-db	16056
misc	http://dsecrg.com/pages/vul/show.php?id=307
sectrack	1024981
secunia	42976
vupen	ADV-2011-0143
xf	oracle-document-importserver-info-disc(64770)

Last major update

10-10-2018 - 20:04

Published

19-01-2011 - 16:00

Last modified

10-10-2018 - 20:04