CVE

Id
46179  
CVE No.
CVE-2010-3595  
Status
Candidate  
Description
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).  
Phase
Assigned (20100920)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
502748 46179 CVE-2010-3595 BUGTRAQ:20110125 [DSECRG-11-007] Oracle Document Capture ImportBodyText - read files  View
502749 46179 CVE-2010-3595 URL:http://www.securityfocus.com/archive/1/archive/1/515957/100/0/threaded  View
502750 46179 CVE-2010-3595 EXPLOIT-DB:16056  View
502751 46179 CVE-2010-3595 URL:http://www.exploit-db.com/exploits/16056  View
502752 46179 CVE-2010-3595 MISC:http://dsecrg.com/pages/vul/show.php?id=307  View
502753 46179 CVE-2010-3595 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html  View
502754 46179 CVE-2010-3595 BID:45849  View
502755 46179 CVE-2010-3595 URL:http://www.securityfocus.com/bid/45849  View
502756 46179 CVE-2010-3595 SECTRACK:1024981  View
502757 46179 CVE-2010-3595 URL:http://www.securitytracker.com/id?1024981  View
502758 46179 CVE-2010-3595 SECUNIA:42976  View
502759 46179 CVE-2010-3595 URL:http://secunia.com/advisories/42976  View
502760 46179 CVE-2010-3595 VUPEN:ADV-2011-0143  View
502761 46179 CVE-2010-3595 URL:http://www.vupen.com/english/advisories/2011/0143  View
502762 46179 CVE-2010-3595 XF:oracle-document-importserver-info-disc(64770)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
30808 JVNDB-2011-001047 Oracle Fusion Middleware の Oracle Document Capture コンポーネントにおける脆弱性 Oracle Fusion Middleware の Oracle Document Capture コンポーネントには、Import Server に関する処理に不備があるため、完全性および可用性に影響のある脆弱性が存在します。 CVE-2010-3599 46179 9.4 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001047.html  View