Lucene search

CVE-2014-2424

🗓️ 16 Apr 2014 02:15:55Reported by oracleType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

Unspecified vulnerability in Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.

Reporter	Title	Published	Views	Family All 13
NVD	CVE-2014-2424	16 Apr 201402:55	–	nvd
seebug.org	Oracle Event Processing FileUploadServlet Arbitrary File Upload	8 Jul 201400:00	–	seebug
Cvelist	CVE-2014-2424	16 Apr 201402:05	–	cvelist
Tenable Nessus	Oracle Event Processing CVE-2014-2424 Unspecified Vulnerability (April 2014 CPU)	20 May 201400:00	–	nessus
Zero Day Initiative	Oracle Event Processing FileUploadServlet Remote Code Execution Vulnerability	21 Apr 201400:00	–	zdi
Packet Storm	Oracle Event Processing FileUploadServlet Arbitrary File Upload	6 Jul 201400:00	–	packetstorm
0day.today	Oracle Event Processing FileUploadServlet Arbitrary File Upload Exploit	6 Jul 201400:00	–	zdt
Check Point Advisories	Oracle Event Processing FileUploadServlet Directory Traversal (CVE-2014-2424)	24 Aug 201400:00	–	checkpoint_advisories
Metasploit	Oracle Event Processing FileUploadServlet Arbitrary File Upload	29 Jun 201420:44	–	metasploit
Prion	Design/Logic Flaw	16 Apr 201402:55	–	prion

Nvd

Node

oracle fusion_middlewareMatch11.1.1.7.0

Source	Link
securityfocus	www.securityfocus.com/bid/66871
osvdb	www.osvdb.org/105844
oracle	www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
exploit-db	www.exploit-db.com/exploits/33989
packetstormsecurity	www.packetstormsecurity.com/files/127365/Oracle-Event-Processing-FileUploadServlet-Arbitrary-File-Upload.html

Parameter	Position	Path	Description	CWE
Filename	request body	/wlevs/visualizer/upload	This endpoint allows arbitrary file upload due to a directory traversal vulnerability.	CWE-22, CWE-434
uploadfile	request body	/wlevs/visualizer/upload	This endpoint allows arbitrary file upload due to a directory traversal vulnerability.	CWE-22, CWE-434
navSetId	query param	/ohw/help/state	This endpoint is used to check the version of Oracle Event Processing.
navId	query param	/ohw/help/state	This endpoint is used to check the version of Oracle Event Processing.
destination	query param	/ohw/help/state	This endpoint is used to check the version of Oracle Event Processing.

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Apr 2014 02:55Current

5.3Medium risk

Vulners AI Score5.3

CVSS24

EPSS0.7776