Russian Vulnerability Scanner Database

Back to List

CVE-2010-4417

Scores

EPSS

0.725medium72.5%
0%20%40%60%80%100%

Percentile: 72.5%

CVSS

7.5high2.0
0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

Exploits

Exploit ID: 38859

Source: exploitdb

URL: https://www.exploit-db.com/exploits/38859

Vulnerable Software (1)

Type: Configuration

Vendor: *

Product: beehive

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:beehive:2.0.1.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:beehive:2.0.1.1:*:*:*:*:*:*:*", ...

Source: nvd

End of list