FKIE_CVE-2010-3595

Vulnerability from fkie_nvd - Published: 2011-01-19 16:00 - Updated: 2026-04-29 01:13
Severity
Summary
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).
References
secalert_us@oracle.comhttp://dsecrg.com/pages/vul/show.php?id=307
secalert_us@oracle.comhttp://secunia.com/advisories/42976
secalert_us@oracle.comhttp://www.exploit-db.com/exploits/16056
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlVendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/archive/1/515957/100/0/threaded
secalert_us@oracle.comhttp://www.securityfocus.com/bid/45849
secalert_us@oracle.comhttp://www.securitytracker.com/id?1024981
secalert_us@oracle.comhttp://www.vupen.com/english/advisories/2011/0143Vendor Advisory
secalert_us@oracle.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/64770
af854a3a-2127-422b-91ae-364da2661108http://dsecrg.com/pages/vul/show.php?id=307
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42976
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/16056
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/515957/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45849
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024981
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0143Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/64770
Impacted products
Vendor Product Version
oracle fusion_middleware 10.1.3.4
oracle fusion_middleware 10.1.3.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C295FB-3AFC-4051-AA7F-9BC8B56B4501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17FCAA6C-F1A6-469D-9449-9A99D3E70A70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en el componente captura de documentos de Oracle Fusion Middleware v10.1.3.4 y v10.1.3.5 permite a atacantes remotos afectar a la confidencialidad a trav\u00e9s de vectores desconocidos relacionados con el servidor de importaci\u00f3n."
    }
  ],
  "id": "CVE-2010-3595",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-19T16:00:02.797",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://dsecrg.com/pages/vul/show.php?id=307"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/42976"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.exploit-db.com/exploits/16056"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/archive/1/515957/100/0/threaded"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/45849"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securitytracker.com/id?1024981"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0143"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dsecrg.com/pages/vul/show.php?id=307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/16056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/515957/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64770"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.