Signature Detail

Short Name	HTTP:ORACLE-ID-MANAGER-REDIREC1
Severity	Medium
Recommended	No
Category	HTTP
Keywords	Oracle Identity Manager backUrl Parameter Open Redirect1
Release Date	2015/10/07
Update Number	2543
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vsrx-12.1+

HTTP: Oracle Identity Manager backUrl Parameter Open Redirect1

This signature detects attempts to exploit a known vulnerability in the Oracle Identity Manager WebUI. It is due to insufficient validation of user-supplied input. A successful exploit may aid in phishing attacks, other attacks are possible.

Extended Description

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Affected Products

oracle jdk 1.5.0
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0

References

BugTraq: 68599
CVE: CVE-2014-4262

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Oracle Identity Manager backUrl Parameter Open Redirect1

Extended Description

Affected Products

References