CVE-2013-5880
published 2014-01-15CVE-2013-5880: Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote…
PriorityP351medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
59.56%
99.0th percentile
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | supply_chain_products_suite | — | — |
| oracle | supply_chain_products_suite | — | — |
| oracle | supply_chain_products_suite | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect path traversal attempts targeting GraphServlet via loginCheck.jsp bypass — look for HTTP POST requests containing the pattern 'loginCheck.jsp/../../GraphServlet' in the URI. ↗
- →Detect POST requests to /demantra/ endpoints with a 'filename' parameter in the body, which indicates an attempted arbitrary file retrieval. ↗
- →The authentication bypass is achieved by embedding path traversal sequences (../../) within the loginCheck.jsp path segment to reach GraphServlet without authentication. ↗
- →Monitor for unauthenticated access to Oracle Demantra GraphServlet resulting in database credential disclosure (database name, username, password). ↗
- →The vulnerability is exploited over HTTP; monitor port 8080 on Oracle Demantra hosts for suspicious POST requests to /demantra/ paths. ↗
- ·Affected versions are limited to Oracle Demantra Demand Management 12.2.0, 12.2.1, and 12.2.2 only. ↗
- ·The default file targeted for credential/config leakage is WEB-INF/web.xml under the Demantra Spectrum Collaborator installation path; actual path may vary by deployment. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Oracle Supply Chain Products Suite - Remote Security
exploitdb·2014-01-14
CVE-2013-5880 Oracle Supply Chain Products Suite - Remote Security
Oracle Supply Chain Products Suite - Remote Security
---
source: https://www.securityfocus.com/bid/64836/info
Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management.
The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' sub component is affected.
Attackers can exploit this issue to obtain sensitive information.
This vulnerability affects the following supported versions:
12.2.0, 12.2.1, 12.2.2
POST /demantra/common/loginCheck.jsp/../../GraphServlet HTTP/1.1
Host: target.com:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT:
Metasploit
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
metasploit
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
This module exploits a file download vulnerability found in Oracle Demantra 12.2.1 in combination with an authentication bypass. By combining these exposures, an unauthenticated user can retrieve any file on the system by referencing the full file path to any file a vulnerable machine.
Metasploit
Oracle Demantra Database Credentials Leak
metasploit
Oracle Demantra Database Credentials Leak
Oracle Demantra Database Credentials Leak
This module exploits a database credentials leak found in Oracle Demantra 12.2.1 in combination with an authentication bypass. This way an unauthenticated user can retrieve the database name, username and password on any vulnerable machine.
No writeups or analysis indexed.
http://osvdb.org/102095http://secunia.com/advisories/56474http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.securityfocus.com/bid/64758http://www.securityfocus.com/bid/64836http://www.securitytracker.com/id/1029620http://osvdb.org/102095http://secunia.com/advisories/56474http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.securityfocus.com/bid/64758http://www.securityfocus.com/bid/64836http://www.securitytracker.com/id/1029620
2014-01-15
Published