CVE-2010-3600
First published: Wed Jan 19 2011(Updated: )
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Database | =11.2.0.1 | |
| Oracle Enterprise Manager | =10.2.0.5 | |
| Oracle Database | =11.1.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
- http://secunia.com/advisories/42895
- http://www.securitytracker.com/id?1024972
- http://www.vupen.com/english/advisories/2011/0139
- http://secunia.com/advisories/42921
- http://www.zerodayinitiative.com/advisories/ZDI-11-018/
- http://www.vupen.com/english/advisories/2011/0140
- http://www.securityfocus.com/bid/45883
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64755
Frequently Asked Questions
What is the severity of CVE-2010-3600?
CVE-2010-3600 has been reported to potentially affect the confidentiality, integrity, and availability of Oracle Database Server and Enterprise Manager.
How do I fix CVE-2010-3600?
To address CVE-2010-3600, it is recommended to update to the latest version of Oracle Database Server or Enterprise Manager Grid Control as per vendor guidance.
What software versions are affected by CVE-2010-3600?
CVE-2010-3600 affects Oracle Database Server versions 11.1.0.7 and 11.2.0.1, as well as Oracle Enterprise Manager Grid Control version 10.2.0.5.
Can CVE-2010-3600 be exploited remotely?
Yes, CVE-2010-3600 allows remote attackers to exploit the vulnerability, impacting system integrity.
What components are involved in CVE-2010-3600?
CVE-2010-3600 involves an unspecified vulnerability in the Client System Analyzer component of Oracle Database Server and Enterprise Manager.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/oracle
- canonical/oracle database
- version/oracle database/11.2.0.1
- canonical/oracle enterprise manager
- version/oracle enterprise manager/10.2.0.5
- version/oracle database/11.1.0.7