nuclei-templates/cves/2021/CVE-2021-35587.yaml

id: CVE-2021-35587

info:
  name: Pre-auth RCE in Oracle Access Manager
  author: cckuailong
  severity: critical
  description: |
    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.
  reference:
    - https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316
    - https://nvd.nist.gov/vuln/detail/CVE-2021-35587
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-35587
    cwe-id: CWE-502
  metadata:
    fofa-query: body="/oam/pages/css/login_page.css"
  tags: cve,cve2021,oam,rce,java,unauth,oracle

requests:
  - method: GET
    path:
      - '{{BaseURL}}/oam/server/opensso/sessionservice'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - "x-oracle-dms-ecid"
          - "x-oracle-dms-rid"
        condition: or
        case-insensitive: true

      - type: word
        part: body
        words:
          - "/oam/pages/css/general.css"
add CVE-2021-35587 (#3872) * add CVE-2021-35587 * fix verbose space * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-19 08:54:33 +00:00			`id: CVE-2021-35587`

			`info:`
			`name: Pre-auth RCE in Oracle Access Manager`
			`author: cckuailong`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`severity: critical`
add CVE-2021-35587 (#3872) * add CVE-2021-35587 * fix verbose space * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-19 08:54:33 +00:00			`description: \|`
			`Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.`
			`reference:`
			`- https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-35587`
			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 9.8`
add CVE-2021-35587 (#3872) * add CVE-2021-35587 * fix verbose space * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-19 08:54:33 +00:00			`cve-id: CVE-2021-35587`
			`cwe-id: CWE-502`
			`metadata:`
			`fofa-query: body="/oam/pages/css/login_page.css"`
tag update 2022-03-19 08:55:34 +00:00			`tags: cve,cve2021,oam,rce,java,unauth,oracle`
add CVE-2021-35587 (#3872) * add CVE-2021-35587 * fix verbose space * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-19 08:54:33 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/oam/server/opensso/sessionservice'`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`part: header`
			`words:`
			`- "x-oracle-dms-ecid"`
			`- "x-oracle-dms-rid"`
			`condition: or`
			`case-insensitive: true`

			`- type: word`
			`part: body`
			`words:`
			`- "/oam/pages/css/general.css"`