CVE-2019-2579
Published 2019-04-23
Priority P4 · CVSS 3.0 base score 4.3 (medium)
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
EXPLOIT
EPSS: 5.08% (91.3rd percentile)
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Affected (2 ranges; version bounds are not populated in the source data, the advisory text names 12.2.1.3.0)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | webcenter_sites | — | — |
| oracle_corporation | webcenter_sites | — | — |
Detection & IOCs (extracted from sources)
Other (POST body): _authkey_={{authkey}}&pagename=OpenMarket%2FXcelerate%2FAdmin%2FWebReferences&op=search&urlsToDelete=&resultsPerPage=25&searchChoice=webroot&searchText=%27+and+%271%27%3D%270+--
- Detection: a POST to /cs/ContentServer whose searchText parameter carries the SQL injection payload is the exploitation attempt; a successful one is confirmed by the response body, which reflects the literal string value='' and '1'='0 -- next to the text 'Use this utility to view and manage URLs'.
- The attack is a two-step sequence: a GET that extracts a valid _authkey_ token from the page (regex: NAME='_authkey_' VALUE='([0-9A-Z]+)'>), followed by a POST that submits the SQLi payload together with that token.
- Monitor POST requests to /cs/ContentServer with Content-Type: application/x-www-form-urlencoded whose searchText parameter, after URL-decoding, contains SQL injection patterns: a single quote followed by boolean logic and a comment sequence, such as ' and '1'='0 --.
- Caveat: exploitation requires a low-privileged authenticated session (CVSS PR:L); the attacker must first obtain a valid _authkey_ token via the GET request before the SQLi POST will succeed.
- Caveat: only Oracle WebCenter Sites 12.2.1.3.0 is confirmed affected. Use the version to triage and prioritize alerts; a request carrying this payload is still worth flagging on other versions, since the attempt itself shows an attacker probing the instance.
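Worked detection example, added here and not code from the page, the Nuclei template or Oracle: it applies the three indicators above (the _authkey_ extractor regex, the searchText payload shape, and the two response markers) to constructed log records and correlates the GET-then-POST sequence per source address, so a SQLi POST that reuses a token the same client just harvested is reported separately from a lone probe. The record field names (ts, src, method, path, content_type, body, response), the token value and the sample traffic are assumptions.

```python
# Added example (not the page's, the Nuclei template's or Oracle's code).
# Correlates the two-step CVE-2019-2579 sequence in constructed log records.
import re
from urllib.parse import parse_qs

# Regex the Nuclei extractor uses to pull the token out of the GET response.
AUTHKEY_RE = re.compile(r"NAME='_authkey_' VALUE='([0-9A-Z]+)'>")

# Decoded searchText shaped like the payload: a quote, boolean logic with a
# comparison, then a SQL line comment, e.g.  ' and '1'='0 --
SQLI_RE = re.compile(r"'\s*(?:and|or)\b.*?=.*?--", re.IGNORECASE | re.DOTALL)

# Strings the template matches in the body of a successful response.
SUCCESS_MARKERS = ("value='' and '1'='0 --", "Use this utility to view and manage URLs")


def extract_authkey(html: str):
    """Return the _authkey_ token reflected in a WebCenter Sites page, or None."""
    m = AUTHKEY_RE.search(html)
    return m.group(1) if m else None


def sqli_searchtext(body: str):
    """Return the decoded searchText value if it looks like the SQLi payload, else None."""
    params = parse_qs(body, keep_blank_values=True)  # parse_qs URL-decodes values
    text = params.get("searchText", [""])[0]
    return text if SQLI_RE.search(text) else None


def is_sqli_post(rec: dict) -> bool:
    """The request-side indicator: form-encoded POST to /cs/ContentServer with the payload."""
    return (rec["method"] == "POST"
            and rec["path"] == "/cs/ContentServer"
            and rec.get("content_type", "").startswith("application/x-www-form-urlencoded")
            and sqli_searchtext(rec.get("body", "")) is not None)


def correlate(records):
    """Walk records in time order; report SQLi POSTs, whether the posted _authkey_
    was harvested by the same source from an earlier GET, and whether the
    response shows the injection succeeded."""
    harvested = {}  # src -> set of _authkey_ tokens seen in responses to that client
    findings = []
    for rec in records:
        src = rec["src"]
        if rec["method"] == "GET":
            token = extract_authkey(rec.get("response", ""))
            if token:
                harvested.setdefault(src, set()).add(token)
            continue
        if not is_sqli_post(rec):
            continue
        posted = parse_qs(rec["body"]).get("_authkey_", [""])[0]
        succeeded = all(m in rec.get("response", "") for m in SUCCESS_MARKERS)
        findings.append({
            "src": src,
            "ts": rec["ts"],
            "token_reused": posted in harvested.get(src, set()),
            "succeeded": succeeded,
        })
    return findings


# Constructed sample records (assumed field names, not real traffic). The POST
# body is the template's payload with an assumed token substituted.
PAYLOAD = ("_authkey_=1A2B3C4D&pagename=OpenMarket%2FXcelerate%2FAdmin%2FWebReferences"
           "&op=search&urlsToDelete=&resultsPerPage=25&searchChoice=webroot"
           "&searchText=%27+and+%271%27%3D%270+--")
SAMPLE_LOG = [
    {"ts": "2019-04-24T10:00:01Z", "src": "203.0.113.5", "method": "GET",
     "path": "/cs/ContentServer", "body": "",
     "response": "<INPUT TYPE='HIDDEN' NAME='_authkey_' VALUE='1A2B3C4D'>"},
    {"ts": "2019-04-24T10:00:02Z", "src": "203.0.113.5", "method": "POST",
     "path": "/cs/ContentServer", "content_type": "application/x-www-form-urlencoded",
     "body": PAYLOAD,
     "response": "<p>Use this utility to view and manage URLs</p>"
                 "<input name='searchText' value='' and '1'='0 --'>"},
    # Benign search from another client: same endpoint, no injection shape.
    {"ts": "2019-04-24T10:05:00Z", "src": "198.51.100.9", "method": "POST",
     "path": "/cs/ContentServer", "content_type": "application/x-www-form-urlencoded",
     "body": "_authkey_=FFFF&pagename=OpenMarket%2FXcelerate%2FAdmin%2FWebReferences"
             "&op=search&searchChoice=webroot&searchText=index.html",
     "response": "<p>Use this utility to view and manage URLs</p>"},
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

Because searchText is inspected after decoding, the `+` and `%27` encodings in the raw body do not hide the payload from SQLI_RE; the benign record is skipped because "index.html" has no quote-plus-comparison shape, not because of its source or token.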
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| NVD | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
No detection rules found.
Nuclei
CVE-2019-2579 [MEDIUM] Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection (nuclei · CVSS 4.3)
The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data.
Template:
```yaml
id: CVE-2019-2579

info:
  name: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
  author: leovalcante
  severity: medium
  description: The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data.
```
No writeups or analysis indexed.