Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| No informations. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 33897
Date de publication : 2014-06-26 22h00 +00:00
Auteur : RedTeam Pentesting
EDB Vérifié : Yes
Advisory: Endeca Latitude Cross-Site Request Forgery
RedTeam Pentesting discovered a Cross-Site Request Forgery (CSRF)
vulnerability in Endeca Latitude. Using this vulnerability, an attacker
might be able to change several different settings of the Endeca
Latitude instance or disable it entirely.
Details
=======
Product: Endeca Latitude
Affected Versions: 2.2.2, potentially others
Fixed Versions: N/A
Vulnerability Type: Cross-Site Request Forgery
Security Risk: low
Vendor URL: N/A
Vendor Status: decided not to fix
Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2013-002
Advisory Status: published
CVE: CVE-2014-2399
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2399
Introduction
============
Endeca Latitude is an enterprise data discovery platform for advanced,
yet intuitive, exploration and analysis of complex and varied data.
Information is loaded from disparate source systems and stored in a
faceted data model that dynamically supports changing data. This
integrated and enriched data is made available for search, discovery,
and analysis via interactive and configurable applications.
(from the vendor's homepage)
More Details
============
Endeca Latitude offers administrators the ability to perform different
administrative and configuration operations by accessing URLs.
These URLs are not secured by a randomly generated token and therefore
are prone to Cross-Site Request Forgery attacks.
For example by accessing the URL http://example.com/admin?op=exit an
administrator can shut down the Endeca Latitude instance. Several other
URLs exist (as documented at [1] and [2]) which can be used to trigger
operations such as flushing cashes or changing the logging settings.
Proof of Concept
================
An attacker might prepare a website, which can trigger arbitrary
functionality (see [1] and [2]) of an Endeca Latitude instance if
someone opens the attacker's website in a browser that can reach Endeca
Latitude. An easy way to implement this is to embed a hidden image into
an arbitrary website which uses the corresponding URL as its source:
<img src="http://example.com/admin?op=exit" style="display:hidden" />
<img src="http://example.com/config?op=log-disable" style="display:hidden" />
[...]
Workaround
==========
The vendor did not update the vulnerable software, but recommends to
configure all installations to require mutual authentication using TLS
certificates for both servers and clients, while discouraging users from
installing said client certificates in browsers.
Fix
===
Not available. The vendor did not update the vulnerable software to
remedy this issue.
Security Risk
=============
The vulnerability can enable attackers to be able to interact with an
Endeca Latitude instance in different ways. Possible attacks include the
changing of settings as well as denying service by shutting down a
running instance. Attackers mainly benefit from this vulnerability if
the instance is not already available to them, but for example only to
restricted IP addresses or after authentication. Since this makes it
harder to identify potential target systems and the attack mainly allows
to disturb the service until it is re-started, the risk of this
vulnerability is considered to be low.
Timeline
========
2013-10-06 Vulnerability identified
2013-10-08 Customer approved disclosure to vendor
2013-10-15 Vendor notified
2013-10-17 Vendor responded that investigation/fixing is in progress
2014-02-24 Vendor responded that bug is fixed and scheduled for a future
CPU
2014-03-13 Vendor responded with additional information about a
potential workaround
2014-04-15 Vendor releases Critical Patch Update Advisory with little
information on the proposed fix
2014-04-16 More information requested from vendor
2014-05-02 Vendor responds with updated information
2014-06-25 Advisory released
References
==========
[1] http://docs.oracle.com/cd/E29220_01/mdex.222/admin/toc.htm#List%20of%20administrative%20operations
[2] http://docs.oracle.com/cd/E29220_01/mdex.222/admin/toc.htm#List%20of%20supported%20logging%20variables
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be
fixed immediately.
As there are only few experts in this field, RedTeam Pentesting wants to
share its knowledge and enhance the public knowledge with research in
security related areas. The results are made available as public
security advisories.
More information about RedTeam Pentesting can be found at
https://www.redteam-pentesting.de.
--
RedTeam Pentesting GmbH Tel.: +49 241 510081-0
Dennewartstr. 25-27 Fax : +49 241 510081-99
52068 Aachen https://www.redteam-pentesting.de
Germany Registergericht: Aachen HRB 14004
Geschäftsführer: Patrick Hof, Jens Liebchen
Products Mentioned
Configuraton 0
Oracle>>Fusion_middleware >> Version 2.2.2
- Oracle>>Fusion_middleware >> Version 2.2.2 (Open CPE detail)
Références
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://packetstormsecurity.com/files/127222/Endeca-Latitude-2.2.2-Cross-Site-Request-Forgery.html
Tags : x_refsource_MISC
Tags : x_refsource_MISC
http://www.securityfocus.com/archive/1/532556/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.