PT-2013-3238 · Oracle · Oracle Webcenter Content+1
Published
2013-04-17
·
Updated
2013-10-11
·
CVE-2013-1559
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle WebCenter Content versions 10.1.3.5.1 through 11.1.1.6.0
Description
The issue allows remote authenticated users to affect availability via unknown vectors related to Content Server. It is also related to a remote code execution vulnerability in the CheckOutAndOpen.dll ActiveX component, specifically in the coao/openWebdav functionality.
Recommendations
For versions 10.1.3.5.1 and 11.1.1.6.0, consider restricting access to the Content Server component until a patch is available.
As a temporary workaround, consider disabling the
CheckOutAndOpen.dll ActiveX component to minimize the risk of exploitation.
Avoid using the coao/openWebdav functionality in the affected ActiveX component until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Checkoutandopen.Dll
Oracle Webcenter Content