Detections
Analytics
Oracle Secure Backup Administration Server login.php Authentication Bypass
high Nessus Plugin ID 47747
Language:
Synopsis
The remote web server contains an application that is affected by an authentication bypass vulnerability.Description
The remote version of Oracle Secure Backup Administration Server fails to correctly validate a successful login based on the input passed to 'uname' parameter in script 'login.php'. By setting 'uname' to a specially crafted value, it may be possible for a remote unauthenticatd attacker to bypass authentication, and access information reserved for authenticated users.Solution
Apply patches referenced in the vendor advisory above.See Also
https://www.zerodayinitiative.com/advisories/ZDI-10-118/
https://seclists.org/fulldisclosure/2010/Jul/190
https://www.oracle.com/technetwork/topics/security/cpujul2010-155308.html
Plugin Details
Severity: High
ID: 47747
File Name: oracle_secure_backup_uname_auth_bypass.nasl
Version: 1.22
Type: remote
Family: CGI abuses
Published: 7/16/2010
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: High
Base Score: 9.7
Temporal Score: 8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:P
Vulnerability Information
CPE: cpe:/a:oracle:secure_backup
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Exploited by Nessus: true
Patch Publication Date: 7/13/2010
Vulnerability Publication Date: 7/13/2010
Exploitable With
Core Impact
Metasploit (Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability)
Reference Information
CVE: CVE-2010-0904
BID: 41608
Secunia: 40595