CVE-2013-5877 - Remote Security vulnerability in Oracle products

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, oracle, exploit available, metasploit

Summary

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.

Exploit-Db

description: Oracle Demantra 12.2.1 - Arbitrary File Disclosure. CVE-2013-5877. Webapps exploit for windows platform
id: EDB-ID:31992
last seen: 2016-02-03
modified: 2014-03-01
published: 2014-03-01
reporter: Portcullis
source: https://www.exploit-db.com/download/31992/
title: Oracle Demantra 12.2.1 - Arbitrary File Disclosure

Metasploit

description: This module exploits a file download vulnerability found in Oracle Demantra 12.2.1 in combination with an authentication bypass. By combining these exposures, an unauthenticated user can retrieve any file on the system by referencing the full file path to any file on a vulnerable machine.
id: MSF:AUXILIARY/SCANNER/HTTP/ORACLE_DEMANTRA_FILE_RETRIEVAL
last seen: 2020-05-20
modified: 2019-03-05
published: 2014-03-27
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb
title: Oracle Demantra Arbitrary File Retrieval with Authentication Bypass

Packetstorm

data source: https://packetstormsecurity.com/files/download/125482/oracledemantra-lfi.txt
id: PACKETSTORM:125482
last seen: 2016-12-05
published: 2014-03-01
reporter: Oliver Gruskovnjak
source: https://packetstormsecurity.com/files/125482/Oracle-Demantra-12.2.1-Arbitrary-File-Retrieval.html
title: Oracle Demantra 12.2.1 Arbitrary File Retrieval