CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
EPSS
Percentile: 99.9%
Added: 09/04/2013
CVE: CVE-2013-3763
BID: 61217
OSVDB: 95269
Oracle Endeca Server is a hybrid search-analytical database.
A vulnerability in the **controlSoapBinding** service allows remote attackers to execute arbitrary commands by sending a request for the **createDataStore** method with a specially crafted **dataFiles** parameter.
Apply the patch referenced in the July 2013 Critical Patch Update.
<http://www.zerodayinitiative.com/advisories/ZDI-13-190/>
Exploit works on Oracle Endeca Server 7.4.0 on Windows Server 2008 R2 SP1 (DEP OptOut).
Windows