CVE-2010-4417 Information
Description
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.
Reference
http://secunia.com/advisories/42978
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.securityfocus.com/bid/45854
http://www.securitytracker.com/id?1024981
http://www.vupen.com/english/advisories/2011/0143
http://www.zerodayinitiative.com/advisories/ZDI-11-020/
https://exchange.xforce.ibmcloud.com/vulnerabilities/64772
https://www.exploit-db.com/exploits/38859/