CVE-2009-1977

Published: 14/07/2009 Updated: 17/08/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows malicious users to bypass authentication via unknown vectors involving the username parameter and login.php.

Vulnerable Product

oracle secure backup 10.2.0.3

Exploits

#!/bin/bash
#Oracle Secure Backup Administration Server authentication bypass, plus command injection vulnerability
#1-day exploit for CVE-2009-1977 and CVE-2009-1978
#PoC script successfully tested on:
#Oracle Secure Backup Server 103010_win32_release
#MS Windows Professional XP SP3
#In August 2009, ZDI discloses a few details regarding a ...
Oracle Secure Backup Administration Server suffers from authentication bypass and command injection vulnerabilities ...