virus logo Intrusion Prevention

Oracle.Secure.Backup.Administration.Selector.Code.Execution

description-logoDescription

This indicates an attack attempt against a command-injection vulnerability in Oracle Secure Backup.
A vulnerability has been reported in Oracle Secure Backup that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "selector" parameter value that is passed to "index.php". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.

affected-products-logoAffected Products

Oracle Secure Backup 10.3.0.1 and the prior version

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.oracle.com/technetwork/topics/security/cpujul2010-155308.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.zerodayinitiative.com/advisories/ZDI-10-122/ http://www.zerodayinitiative.com/advisories/ZDI-10-120 http://www.zerodayinitiative.com/advisories/ZDI-10-121
ID 23835
Created Nov 04, 2010
Updated May 15, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2010-0906
Exploit Prediction Score 97.21%
Default Action drop
Active
Affected OS Windows, Linux, MacOS, Other
Affected App Oracle