CVE-2013-3803

Oracle Hyperion <11.1.2.305 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3803. PoCs published by Richard Warren.

AI-analyzed exploit summary: This is a writeup detailing a directory traversal vulnerability in Oracle Hyperion 11. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the ResourceName parameter in a GET request.

Description

Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Richard Warren · text · webapps · windows
https://www.exploit-db.com/exploits/27291

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/95277
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85664
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61204
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1028794
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54220

Scores

EPSS 0.0643
EPSS Percentile 92.8%

Details

Status published
Products (2)
oracle/hyperion 11.1.1.3
oracle/hyperion 11.1.1.4 - 11.1.1.4.107
Published Jul 17, 2013
Tracked Since Feb 18, 2026