Exploit Title: Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS
Product: Access Manager component in Oracle Fusion Middleware
Vulnerable Versions: 10.1.4.3, 220.127.116.11.0, 18.104.22.168.0, 22.214.171.124.0, 126.96.36.199.0, 188.8.131.52.0, and 184.108.40.206.0
Advisory Publication: Apr 15, 2014
Latest Update: Apr 15, 2014
Vulnerability Type: Uncontrolled Resource Consumption [CWE-400]
CVE Reference: CVE-2014-2452
Risk Level: Medium
CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) (legend)
Solution Status: Fixed by Vendor
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]
Jing Wang has reported two vulnerabilities in Oracle Access Manager, which can be exploited by malicious users to disclose potentially sensitive information and cause a DoS (Denial of Service).
1) An unspecified error within the “WebGate” sub-component can be exploited to disclose certain Oracle Access Manager accessible data.
This vulnerability is reported in versions 10.1.4.3, 220.127.116.11.0, 18.104.22.168.0, 22.214.171.124.0, 126.96.36.199.0, 188.8.131.52.0, and 184.108.40.206.0.
2) An unspecified error within the “Webserver Plugin” sub-component can be exploited to cause a hang or frequently repeatable crash of the application.
This vulnerability is reported in version 220.127.116.11.