Vulnerability Details : CVE-2013-3763
Public exploit exists!
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.
Products affected by CVE-2013-3763
- cpe:2.3:a:oracle:fusion_middleware:7.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:7.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3763
96.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-3763
-
Oracle Endeca Server Remote Command Execution
Disclosure Date: 2013-07-16First seen: 2020-04-26exploit/windows/http/oracle_endeca_execThis module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the
CVSS scores for CVE-2013-3763
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
8.0
|
4.9
|
NIST |
References for CVE-2013-3763
-
http://www.securitytracker.com/id/1028801
Oracle Fusion Middleware Bugs Let Remote Users Deny Service and Access and Modify Data - SecurityTracker
-
http://www.zerodayinitiative.com/advisories/ZDI-13-190/
ZDI-13-190 | Zero Day Initiative
-
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Oracle Critical Patch Update - July 2013Vendor Advisory
Jump to