CVE-2009-1977 - Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 all

CVE-2009-1977

Summary

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php.

References

Vulnerable Configurations

cpe:2.3:a:oracle:secure_backup:10.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_backup:10.2.0.3:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 17-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

d2sec via4

name	Oracle Secure Backup 10.3.0.1 RCE
url	http://www.d2sec.com/exploits/oracle_secure_backup_10.3.0.1_rce.html

refmap via4

bid	35672
confirm	http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
misc	http://www.zerodayinitiative.com/advisories/ZDI-09-058/
osvdb	55903
sectrack	1022565
secunia	35776
vupen	ADV-2009-1900
xf	oracle-securebackup-sbc-unspecified(51761)

Last major update

17-08-2017 - 01:30

Published

14-07-2009 - 23:30

Last modified

17-08-2017 - 01:30