Lucene search
SAINT CorporationSAINT:A6E82FEE4303C216883BEA8DE2858B3CHistorySep 04, 2013 - 12:00 a.m.
Oracle Endeca Server createDataStore method command execution
2013-09-0400:00:00
SAINT Corporation
www.saintcorporation.com
21
0.973 High
EPSS
Percentile
99.8%
Added: 09/04/2013
CVE: CVE-2013-3763
BID: 61217
OSVDB: 95269
Background
Oracle Endeca Server is a hybrid search-analytical database.
Problem
A vulnerability in the **controlSoapBinding** service allows remote attackers to execute arbitrary commands by sending a request for the **createDataStore** method with a specially crafted **dataFiles** parameter.
Resolution
Apply the patch referenced in the July 2013 Critical Patch Update.
References
<http://www.zerodayinitiative.com/advisories/ZDI-13-190/>
Limitations
Exploit works on Oracle Endeca Server 7.4.0 on Windows Server 2008 R2 SP1 (DEP OptOut).
Platforms
Windows
Related
packetstorm
packetstorm
Oracle Endeca Server Remote Command Execution
2013-08-24 00:00:00
zdi
zdi
checkpoint_advisories
checkpoint_advisories
saint
saint
Oracle Endeca Server createDataStore method command execution
2013-09-04 00:00:00
Oracle Endeca Server createDataStore method command execution
2013-09-04 00:00:00
Oracle Endeca Server createDataStore method command execution
2013-09-04 00:00:00
zdt
zdt
Oracle Endeca Server Remote Command Execution Vulnerability
2013-08-25 00:00:00
prion
prion
Design/Logic Flaw
2013-07-17 13:41:00
Design/Logic Flaw
2013-07-17 13:41:00
cvelist
cvelist
CVE-2013-3763
2013-07-17 10:00:00
CVE-2013-3764
2013-07-17 10:00:00
cve
cve
CVE-2013-3764
2013-07-17 13:41:00
CVE-2013-3763
2013-07-17 13:41:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00
securityvulns
securityvulns