CVE-2005-2372

Published Jul 26, 2005

Last updated 6 hours ago

CVSS info 7.2

Overview

Description: Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:forms:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8F7AD5F-99F2-4549-9407-4F077B2D6DA3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:forms:4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B720808-BCFF-4917-82E3-2F7B11355406"
          },
          {
            "criteria": "cpe:2.3:a:oracle:forms:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8119C936-B996-42F1-9141-D3DECAB1949E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:forms:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38D1AB63-14C5-4343-962B-BC8FC03B412A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:forms:6i:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D38985A2-F5F6-4157-92C0-CE80B7F37013"
          },
          {
            "criteria": "cpe:2.3:a:oracle:forms:9i:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75E934ED-92DE-47C3-94C4-6714A32FC32A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:forms:10g:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53D0E1F5-89E9-4C1E-B20A-6EF175D8AE70"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References