Vulnerabilities > CVE-2010-4417 - Unspecified vulnerability in Oracle Beehive
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | Oracle BeeHive 2 voice-servlet processEvaluation() Vulnerability. CVE-2010-4417. Remote exploit for windows platform |
| file | exploits/windows/remote/38859.rb |
| id | EDB-ID:38859 |
| last seen | 2016-02-04 |
| modified | 2015-12-03 |
| platform | windows |
| port | 7777 |
| published | 2015-12-03 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/38859/ |
| title | Oracle BeeHive 2 voice-servlet processEvaluation Vulnerability |
| type | remote |
Metasploit
| description | This module exploits a vulnerability found in Oracle BeeHive. The processEvaluation method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. |
| id | MSF:EXPLOIT/WINDOWS/HTTP/ORACLE_BEEHIVE_EVALUATION |
| last seen | 2020-06-10 |
| modified | 2017-07-24 |
| published | 2015-11-25 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/oracle_beehive_evaluation.rb |
| title | Oracle BeeHive 2 voice-servlet processEvaluation() Vulnerability |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/134613/oracle_beehive_evaluation.rb.txt |
| id | PACKETSTORM:134613 |
| last seen | 2016-12-05 |
| published | 2015-12-03 |
| reporter | mr_me |
| source | https://packetstormsecurity.com/files/134613/Oracle-BeeHive-2-Code-Execution.html |
| title | Oracle BeeHive 2 Code Execution |
References
- http://secunia.com/advisories/42978
- http://secunia.com/advisories/42978
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
- http://www.securityfocus.com/bid/45854
- http://www.securityfocus.com/bid/45854
- http://www.securitytracker.com/id?1024981
- http://www.securitytracker.com/id?1024981
- http://www.vupen.com/english/advisories/2011/0143
- http://www.vupen.com/english/advisories/2011/0143
- http://www.zerodayinitiative.com/advisories/ZDI-11-020/
- http://www.zerodayinitiative.com/advisories/ZDI-11-020/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64772
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64772
- https://www.exploit-db.com/exploits/38859/
- https://www.exploit-db.com/exploits/38859/