""ET WEB_SPECIFIC_APPS Oracle Event Processing FileUploadServlet Arbitrary File Upload""
SID: 2018652
Revision: 1
Class Type: web-application-attack
Metadata: created_at 2014_07_08, cve CVE_2014_2424, updated_at 2014_07_08
Reference:
- cve, 2014-2424
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: 9002
Flow: established,to_server
Contents:
- Value: "POST " Depth: 5
- Value: "/wlevs/visualizer/upload"
- Value: "filename"
Within:
PCRE: "/^\s?=\s?[\x22\x27]?[^&]*?(?:%(?:25)?2e(?:%(?:(?:25)?2e(?:%(?:25)?5c|\/|\)|2e(?:25)?%(?:25)?2f)|.(?:%(?:25)?(?:2f|5c)|\/|\))|.(?:%(?:25)?2e(?:%(?:25)?(?:2f|5c)|\/|\)|.(?:%(?:25)?(?:2f|5c)|\/|\)))/Ri"
Special Options: