HTTP: Oracle Endeca Server createDataStore Remote Command Execution
This signature detects attempts to exploit a known vulnerability in the Oracle Endeca Server. A successful attack can lead to arbitrary code execution.
Extended Description
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.
Affected Products
Oracle fusion_middleware
References
BugTraq: 61217
CVE: CVE-2013-3763
URL: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html https://securitynews.sonicwall.com/xmlpost/oracle-endeca-server-rce-vulnerability/ http://www.zerodayinitiative.com/advisories/zdi-13-190/ http://securitytracker.com/id?1028801
Short Name
HTTP:ORACLE:ENDECA-SERVER-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-3763 Command Endeca Execution Oracle Remote Server bid:61217 createDataStore
Release Date
10/24/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
CVSS Score
5.5