ERPScanERPSCAN-17-024DoS in Oracle E-Business Suite ANONYMOUSLOGIN
0.006 Low
EPSS
Percentile
79.2%
Application: Oracle E-Business Suite **Versions Affected: **Oracle E-Business Suite 12.2.3 Vendor:Oracle **Bugs: **DoS **Reported:**23.12.2016 **Vendor response:**24.12.2016 **Date of Public Advisory:**18.04.2017 **Reference: **Oracle CPU April 2017 Authors: Alexey Tyurin (ERPScan), Ivan Chalykin (ERPScan)
VULNERABILITY INFORMATION
Class: DoS
Impact: direct impact on availability
Remotely Exploitable: yes
Locally Exploitable: yes
CVE: CVE-2017-3555
CVSS Information
CVSS Base Score v3: 7.5/10
CVSS Base Vector:
| AV: Attack Vector (Related exploit range) | Network (N) |
|---|---|
| AC: Attack Complexity (Required attack complexity) | Low (L) |
| PR: Privileges Required (Level of privileges needed to exploit) | None (N) |
| UI: User Interaction (Required user participation) | None (N) |
| S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Unchanged (U) |
| C: Impact to Confidentiality | None (N) |
| I: Impact to Integrity | None (N) |
| A: Impact to Availability | High (H) |
VULNERABILITY DESCRIPTION
An anonymous attacker can send many special requests to AnonymousLogin.jsp and cause a denial of service of the whole subsystem.
VULNERABLE PACKAGES
Oracle E-Business Suite 12.2.3
SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, implement Oracle CPU April 2017
TECHNICAL DESCRIPTION
Proof of Concept
Vulnerable URL:
http://victim_ebs_server/OA_HTML/AnonymousLogin.jsp?i_1=1000&home_url=
An attacker can send multiple requests to the vulnerable JSP with incrementally increasing the i_1 parameter (1000,1001,1002,etc).
As a result, after several hundred requests the main web app (OA_HTML/AppsLogin) stops working and displays the following errors:
โFailure of server APACHE bridge. No backend server available for connectionโฆโ
โThe system has encountered an error when servicing the request, Please try againโฆโ
Related
