Vulnerabilities > CVE-2013-3763 - Remote Code Execution vulnerability in Oracle Fusion Middleware 7.4.0/7.5.1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Oracle Endeca Server Remote Command Execution. CVE-2013-3763. Remote exploit for windows platform |
| id | EDB-ID:27877 |
| last seen | 2016-02-03 |
| modified | 2013-08-26 |
| published | 2013-08-26 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/27877/ |
| title | Oracle Endeca Server Remote Command Execution |
Metasploit
| description | This module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. In addition, the injection has been found to be Windows specific. This module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits). |
| id | MSF:EXPLOIT/WINDOWS/HTTP/ORACLE_ENDECA_EXEC |
| last seen | 2020-06-13 |
| modified | 2017-07-24 |
| published | 2013-08-21 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/oracle_endeca_exec.rb |
| title | Oracle Endeca Server Remote Command Execution |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/122949/oracle_endeca_exec.rb.txt |
| id | PACKETSTORM:122949 |
| last seen | 2016-12-05 |
| published | 2013-08-24 |
| reporter | rgod |
| source | https://packetstormsecurity.com/files/122949/Oracle-Endeca-Server-Remote-Command-Execution.html |
| title | Oracle Endeca Server Remote Command Execution |
Saint
| bid | 61217 |
| description | Oracle Endeca Server createDataStore method command execution |
| osvdb | 95269 |
| title | oracle_endeca_createdatastore |
| type | remote |