Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Oracle E-Business Suite 12.x - Server-Side Request Forgery

🗓️ 19 Jul 2017 00:00:00Reported by Sarath NairType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 60 Views

Oracle E-Business Suite 12.x - Server-Side Request Forgery, Vendor Patch Release

Related
Code
ReporterTitlePublishedViews
Family
CNVD		Oracle E-Business Suite Unauthorized Operation Vulnerability
26 Jul 201700:00
cnvd
CVE		CVE-2017-10246
8 Aug 201715:00
cve
Cvelist		CVE-2017-10246
8 Aug 201715:00
cvelist
NVD		CVE-2017-10246
8 Aug 201715:29
nvd
Oracle		Oracle Critical Patch Update Advisory - July 2017
20 Mar 201800:00
oracle
Tenable Nessus		Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)
20 Jul 201700:00
nessus
Prion		Design/Logic Flaw
8 Aug 201715:29
prion
Vulnrichment		CVE-2017-10246
8 Aug 201715:00
vulnrichment
# Exploit Title: Oracle E-Business Suite - Server Side Request Forgery
# Date: 19 July 2017
# Exploit Author: Sarath Nair aka AceNeon13
# Contact: @AceNeon13
# Greetings: Raj3sh.tv, Deepu.tv
# Vendor Homepage: www.oracle.com
# Software Link:
http://www.oracle.com/us/products/applications/ebusiness/overview/index.html
# Version: Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
# CVE: CVE-2017-10246

# PoC Exploit: Server Side Request Forgery
------------------------------------------
Vulnerable URL:
http://
<EBS_Application>/OA_HTML/help?locale=en_AE&group=per:br_prod_HR:US&topic=http://
<Internal_IP:Port>

# Description: The application is vulnerable to server side request forgery
attacks. We were able to use the web server to send packets internally and
thereby perform port scan on other internal assets and/or obtain
information accessible only from inside or otherwise not accessible to an
external user. It was also possible to query internal server information
otherwise unavailable publicly.
# Impact: A presumed attacker could use EBS server resources to conduct
internal information gathering or obtain information otherwise inaccessible
publicly.
# Solution: Apply the oracle EBS patch released on 18 July 2017

########################################
# Vulnerability Disclosure Timeline:

2017-April-29:  Discovered vulnerability
2017-April-30:  Vendor Notification
2017-May-01:  Vendor Response/Feedback
2017-July-18:  Vendor Fix/Patch
2017-July-19:  Public Disclosure
########################################

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Jul 2017 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 26.4
CVSS 38.2
EPSS0.12912
SSVC
vulnerabilityserver side request forgeryinternal assetsport scaninformation gatheringoracle ebspatchpublic disclosure
60