Vulnerability Details : CVE-2014-2424
Public exploit exists!
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
Products affected by CVE-2014-2424
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2424
- 97.29%: Probability of exploitation activity in the next 30 days
- ~100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-2424
- Oracle Event Processing FileUploadServlet Arbitrary File Upload
  Disclosure Date: 2014-04-21
  First seen: 2020-04-26
  exploit/windows/http/oracle_event_processing_upload
  This module exploits an arbitrary file upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw
CVSS scores for CVE-2014-2424
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
References for CVE-2014-2424
- http://www.exploit-db.com/exploits/33989
  Oracle Event Processing FileUploadServlet - Arbitrary File Upload (Metasploit) - Windows remote Exploit
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
  Oracle Critical Patch Update - April 2014 (Vendor Advisory)
- http://www.securityfocus.com/bid/66871
  Oracle Event Processing CVE-2014-2424 Remote Code Execution Vulnerability
- http://packetstormsecurity.com/files/127365/Oracle-Event-Processing-FileUploadServlet-Arbitrary-File-Upload.html
  Oracle Event Processing FileUploadServlet Arbitrary File Upload ≈ Packet Storm