Short Name |
HTTP:ORACLE:EVNTPRO-DIR-TRAV |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Event Processing FileUploadServlet Directory Traversal |
Release Date |
2014/07/30 |
Update Number |
2404 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known directory traversal vulnerability in Oracle Application Server. It is due to improper handling of user data when processing several request parameter values. A remote attacker can exploit this by sending specially crafted request to the target system. A successful attack can allow disclosure of sensitive information.
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.