HTTP:Oracle Event Processing FileUploadServlet Directory Traversal
This signature detects attempts to exploit a known directory traversal vulnerability in Oracle Application Server. It is due to improper handling of user data when processing several request parameter values. A remote attacker can exploit this by sending specially crafted request to the target system. A successful attack can allow disclosure of sensitive information.
Extended Description
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
Affected Products
Oracle fusion_middleware
Short Name
HTTP:ORACLE:EVNTPRO-DIR-TRAV
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2014-2424 Directory Event FileUploadServlet Oracle Processing Traversal bid:66871
Release Date
07/30/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
CVSS Score
4.0