Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:DIR:ENDECA-ETLSERVER-DT

Severity

 High

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 Oracle Endeca Information Discovery Integrator ETL Server MoveFile Directory Traversal

Release Date

 2015/08/27

Update Number

 2529

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Oracle Endeca Information Discovery Integrator ETL Server MoveFile Directory Traversal


A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the MoveFile operation. By sending crafted SOAP requests to the target system, a remote authenticated attacker can leverage this vulnerability to move arbitrary files on a target system with System privileges. This can further lead to information disclosure and eventually arbitrary code execution.

References

  • CVE: CVE-2015-2605

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out