Lucene search
Andrea Micalizzi (rgod)ZDI-14-106HistoryApr 21, 2014 - 12:00 a.m.
Oracle Event Processing FileUploadServlet Remote Code Execution Vulnerability
2014-04-2100:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
17
0.974 High
EPSS
Percentile
99.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Event Processing. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to write files under the context of the user and achieve remote code execution.
Related
cve
cve
CVE-2014-2424
2014-04-16 02:55:15
cvelist
cvelist
CVE-2014-2424
2014-04-16 02:05:00
nessus
nessus
nvd
nvd
CVE-2014-2424
2014-04-16 02:55:15
zdt
zdt
Oracle Event Processing FileUploadServlet Arbitrary File Upload Exploit
2014-07-06 00:00:00
packetstorm
packetstorm
Oracle Event Processing FileUploadServlet Arbitrary File Upload
2014-07-06 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2014-04-16 02:55:00
oracle
oracle
Oracle Critical Patch Update - April 2014
2014-04-15 00:00:00
securityvulns
securityvulns