id: oracle-cgi-printenv info: name: Oracle CGI printenv - Information Disclosure author: DhiyaneshDk severity: medium description: Oracle CGI printenv component is susceptible to an information disclosure vulnerability. reference: - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/OracleCGIPrintEnv.java classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cwe-id: CWE-200 tags: exposure,oracle,config requests: - method: GET path: - "{{BaseURL}}/cgi-bin/printenv" matchers-condition: and matchers: - type: word part: body words: - 'DOCUMENT_ROOT="' - type: word part: header words: - "text/plain" - type: status status: - 200 # Enhanced by md on 2023/02/22