CVE-2013-0397

Oracle Applications Framework - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0397. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary: This advisory describes a vulnerability in Oracle Application Framework where diagnostic and developer modes can be enabled by setting specific cookies, leading to information disclosure. No exploit code is provided, only a detailed explanation of the vulnerability and remediation steps.

Description

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Trustwave's SpiderLabs · text · webapps · jsp
https://www.exploit-db.com/exploits/24158

Classification

Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Oracle Application Framework (11.5.10.2, 12.0.6, 12.1.3)
No auth needed
Prerequisites: Access to the target application · Ability to set cookies in HTTP requests
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57126
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2

Scores

EPSS 0.0267
EPSS Percentile 83.8%

Details

Status published
Products (3)
oracle/e-business_suite 11.5.10.2
oracle/e-business_suite 12.0.6
oracle/e-business_suite 12.1.3
Published Jan 17, 2013
Tracked Since Feb 18, 2026