CVE-2018-3167
published 2018-10-17CVE-2018-3167: Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported…
PriorityP348medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
17.12%
96.7th percentile
Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | application_management_pack | — | — |
| oracle | application_management_pack | — | — |
| oracle | application_management_pack | — | — |
| oracle | application_management_pack | — | — |
| oracle | application_management_pack | — | — |
| oracle | application_management_pack | — | — |
| oracle_corporation | application_management_pack_for_oracle_e-business_suite | — | — |
| oracle_corporation | application_management_pack_for_oracle_e-business_suite | — | — |
| oracle_corporation | application_management_pack_for_oracle_e-business_suite | — | — |
| oracle_corporation | application_management_pack_for_oracle_e-business_suite | — | — |
| oracle_corporation | application_management_pack_for_oracle_e-business_suite | — | — |
| oracle_corporation | application_management_pack_for_oracle_e-business_suite | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Send an HTTP POST request to /OA_HTML/lcmServiceController.jsp and check for the string 'Unexpected text in DTD' in the response body with HTTP status 200 to confirm blind SSRF vulnerability. ↗
- →The vulnerability is unauthenticated and reachable via HTTP with no prior authentication (PR:N, UI:N), making it trivially exploitable from the network. ↗
- →Exploitation can be used to reach internal HTTP-enabled services (e.g., databases) or issue POST requests to unexposed internal services — monitor outbound HTTP connections originating from the EBS application server. ↗
- ·Affected versions are limited to Oracle E-Business Suite Application Management Pack versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7 — detections should be scoped to these versions. ↗
- ·The SSRF is blind — there is no direct response data leak; impact is limited to unauthorized read access to a subset of accessible data and internal service interaction. ↗
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Oracle E-Business Suite - Blind SSRF
nuclei·CVSS 5.3
CVE-2018-3167 [MEDIUM] Oracle E-Business Suite - Blind SSRF
Oracle E-Business Suite - Blind SSRF
Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7.
Template:
id: CVE-2018-3167
info:
name: Oracle E-Business Suite - Blind SSRF
author: geeknik
severity: medium
description: Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network a
No writeups or analysis indexed.
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/105627http://www.securitytracker.com/id/1041897http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/105627http://www.securitytracker.com/id/1041897
2018-10-17
Published