ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability

Posted by ZDI Disclosures on Apr 19

ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-137

April 19, 2011

— CVE ID:
CVE-2011-0807

— CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

— Affected Vendors:
Oracle

— Affected Products:
Oracle Application Server

— TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital…

Source: ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability