CVE-2014-0426

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware version 10.1.3.5

Description The issue affects the integrity of the system via vectors related to HTTP Request Handling. It is related to an error in processing the Request-URI, which can be exploited to access arbitrary scripts outside the application directory using directory traversal constructs in Windows operating systems.

Recommendations For Oracle Fusion Middleware version 10.1.3.5, consider restricting access to the HTTP Request Handling component until a patch is available. As a temporary workaround, limit the use of the Request-URI processing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.