Exploit Title: Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS
Product: Access Manager component in Oracle Fusion Middleware
Vendor: Oracle
Vulnerable Versions:,,,,,, and
Advisory Publication: Apr 15, 2014
Latest Update: Apr 15, 2014
Vulnerability Type: Uncontrolled Resource Consumption [CWE-400]
CVE Reference: CVE-2014-2452
Risk Level: Medium
CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Solution Status: Fixed by Vendor
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]





Original advisory
Jing Wang has reported two vulnerabilities in Oracle Access Manager, which can be exploited by malicious users to disclose potentially sensitive information and cause a DoS (Denial of Service).

1) An unspecified error within the “WebGate” sub-component can be exploited to disclose certain Oracle Access Manager accessible data.

This vulnerability is reported in versions,,,,,, and

2) An unspecified error within the “Webserver Plugin” sub-component can be exploited to cause a hang or frequently repeatable crash of the application.

This vulnerability is reported in version






Extra information
Solution : Apply updates.
Reported by : Jing Wang.
Changelog : 2014-06-13: Updated “Description” section and credits. Added one link to the “Original Advisory” section.
Reference original advisory : Oracle:
