Signature Detail

Short Name	HTTP:STC:ACTIVEX:ORACLE-DATAINT
Severity	High
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Oracle Data Integrator Unsafe ActiveX Control
Release Date	2014/07/09
Update Number	2397
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Oracle Data Integrator Unsafe ActiveX Control

This signature detects attempts to use unsafe ActiveX control in Oracle Data Integrator. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

References

CVE: CVE-2014-2416
URL: http://www.zerodayinitiative.com/advisories/ZDI-14-107/
URL: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#appendixjav

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Oracle Data Integrator Unsafe ActiveX Control

References