Oracle Access Manager WebGate Subcomponent Unspecified Remote Information Disclosure CVE-2014-2404

Exploit Title: Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure
Product: Access Manager component in Oracle Fusion Middleware
Vendor: Oracle
Vulnerable Versions: 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0
Advisory Publication: Apr 15, 2014
Latest Update: Apr 15, 2014
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: CVE-2014-2404
Risk Level: Medium
CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Solution Status: Fixed by Vendor
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]

 

 

Extra information
Solution : Apply updates.
http://www.osvdb.org/show/osvdb/105842
https://support.oracle.com/rs?type=doc&id=1618213.1
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1643382.1
Reported by : Jing Wang.
Changelog : 2014-06-13: Updated "Description" section and credits. Added one link to the "Original Advisory" section.
Reference original advisory : Oracle:
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixFMW
http://www.oracle.com/technetwork/topics/security/cpuapr2014verbose-1972954.html#FMW
https://www.cert.be/advisories/oracle-access-manager-information-disclosure-and-denial-service-vulnerabilities
http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2188432.xml
http://seclists.org/fulldisclosure/2014/Jun/67
http://diebiyi.com/articles/2014/06/oracle-access-manager-oam-vulnerabilities/
