Vulnerability Description
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Fusion Middleware | 10.1.3.4 |
References
- http://dsecrg.com/pages/vul/show.php?id=305
- http://secunia.com/advisories/42976
- http://www.exploit-db.com/exploits/16055
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/515959/100/0/threaded
- http://www.securityfocus.com/bid/45851
- http://www.securitytracker.com/id?1024981
- http://www.vupen.com/english/advisories/2011/0143Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64768
- http://dsecrg.com/pages/vul/show.php?id=305
- http://secunia.com/advisories/42976
- http://www.exploit-db.com/exploits/16055
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/515959/100/0/threaded
- http://www.securityfocus.com/bid/45851
FAQ
What is CVE-2010-3591?
CVE-2010-3591 is a vulnerability with a CVSS score of 9.3 (HIGH). Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via ...
How severe is CVE-2010-3591?
CVE-2010-3591 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3591?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Fusion Middleware.