Vulnerabilities > CVE-2014-2399 - Cross-Site Request Forgery vulnerability in Oracle Fusion Middleware 2.2.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400. Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html "Please refer to My Oracle Support Note 1629648.1 for instructions on how to address this issue."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Endeca Latitude 2.2.2 - CSRF Vulnerability. CVE-2014-2399. Webapps exploits for multiple platform |
file | exploits/multiple/webapps/33897.txt |
id | EDB-ID:33897 |
last seen | 2016-02-03 |
modified | 2014-06-27 |
platform | multiple |
port | |
published | 2014-06-27 |
reporter | RedTeam Pentesting |
source | https://www.exploit-db.com/download/33897/ |
title | Endeca Latitude 2.2.2 - CSRF Vulnerability |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/127222/rt-sa-2013-002.txt |
id | PACKETSTORM:127222 |
last seen | 2016-12-05 |
published | 2014-06-25 |
reporter | redteam-pentesting.de |
source | https://packetstormsecurity.com/files/127222/Endeca-Latitude-2.2.2-Cross-Site-Request-Forgery.html |
title | Endeca Latitude 2.2.2 Cross Site Request Forgery |
References
- http://packetstormsecurity.com/files/127222/Endeca-Latitude-2.2.2-Cross-Site-Request-Forgery.html
- http://seclists.org/fulldisclosure/2014/Jun/123
- http://www.exploit-db.com/exploits/33897
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/archive/1/532556/100/0/threaded
- http://www.securityfocus.com/bid/66864