CVE-2019-2578
Published: 2019-04-23
Priority: P2 · 76 · Severity: high · CVSS 3.0 base score: 8.6
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EXPLOIT
EPSS: 67.54% (99.2nd percentile)
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. While the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | webcenter_sites | — | — |
| oracle_corporation | webcenter_sites | — | — |
Detection & IOCs
- url: /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences
- url: /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots
- path: /cs/Satellite
- Probe unauthenticated GET requests to the two admin endpoints; a successful (non-redirect, non-403) response whose body matches the admin page content indicates the broken access control is exploitable.
- The Nuclei template uses stop-at-first-match across both admin pagename paths, meaning either endpoint returning admin content confirms exploitation.
- Detection targets Oracle WebCenter Sites version 12.2.1.3.0 specifically; scope scanning to hosts exposing the /cs/Satellite servlet.
- The vulnerability is unauthenticated and reachable over HTTP with no special preconditions (AC:L, PR:N, UI:N), making it trivially scannable from the network.
- The Nuclei template's regex matcher body is empty, meaning the detection rule as published has no defined match pattern and will not produce reliable results until a proper regex is supplied.
- Only version 12.2.1.3.0 of Oracle WebCenter Sites is confirmed affected; scanning other versions may produce false positives.
CVSS provenance

| Source | CVSS version | Base score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
Nuclei
CVE-2019-2578 [HIGH] Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control (nuclei · CVSS 8.6)
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.
Template:

```yaml
id: CVE-2019-2578
info:
  name: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control
  author: leovalcante
  severity: high
  description: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.
  impact: |
    Successful exploitation of this vulnerability could al
```
No writeups or analysis indexed.