Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Full Disclosure>
  3. Full-Disclosure
CVE-2014-5877 - Local File Inclusion in Oracle Demantra
advisories at portcullis-security
Feb 28, 2014, 7:16 AM
Post #1 of 3 (1106 views)
Permalink
Vulnerability title: Local File Inclusion in Oracle Demantra
CVE: CVE-2014-5877
Vendor: Oracle
Product: Demantra
Affected version: 12.2.1
Fixed version: 10.1.1.2
Reported by: Oliver Gruskovnjak

Details:

A Local File Include (LFI) vulnerability has been discovered in Oracle
Demantra. The vulnerability occurs when a file from the target system is
injected into a page on the attacked server page.

The vulnerable page is:
* /demantra/GraphServlet


Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5877/


Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.

Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
Re: CVE-2014-5877 - Local File Inclusion in Oracle Demantra [ In reply to ]
advisories at portcullis-security
Feb 28, 2014, 7:27 AM
Post #2 of 3 (1083 views)
Permalink
Apologies, the CVE-ID for this advisory is actually CVE-2013-5877

On 28/02/14 15:16, Portcullis Advisories wrote:
> Vulnerability title: Local File Inclusion in Oracle Demantra
> CVE: CVE-2014-5877
> Vendor: Oracle
> Product: Demantra
> Affected version: 12.2.1
> Fixed version: 10.1.1.2
> Reported by: Oliver Gruskovnjak
>
> Details:
>
> A Local File Include (LFI) vulnerability has been discovered in Oracle
> Demantra. The vulnerability occurs when a file from the target system
> is injected into a page on the attacked server page.
>
> The vulnerable page is:
> * /demantra/GraphServlet
>
>
> Further details at:
> https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5877/
>
>
> Copyright:
> Copyright (c) Portcullis Computer Security Limited 2014, All rights
> reserved worldwide. Permission is hereby granted for the electronic
> redistribution of this information. It is not to be edited or altered
> in any way without the express written consent of Portcullis Computer
> Security Limited.
>
> Disclaimer:
> The information herein contained may change without notice. Use of
> this information constitutes acceptance for use in an AS IS condition.
> There are NO warranties, implied or otherwise, with regard to this
> information or its use. Any use of this information is at the user's
> risk. In no event shall the author/distributor (Portcullis Computer
> Security Limited) be held liable for any damages whatsoever arising
> out of or in connection with the use or spread of this information.
Re: CVE-2014-5877 - Local File Inclusion in Oracle Demantra [ In reply to ]
advisories at portcullis-security
Feb 28, 2014, 8:18 AM
Post #3 of 3 (1075 views)
Permalink
Updated URL is now:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5877/
<https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5795/>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal