
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

Published: 15 Jan 2018 00:00:00
Reported by: Andrew Gill
Type: exploitdb
Source: www.exploit-db.com

Oracle E-Business Suite 12.1.3/12.2.x is vulnerable to open redirect.

Related

Reporter | Title | Published | Family
0day.today | Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect Vulnerability | 15 Jan 2018 00:00 | zdt
Circl | CVE-2017-3528 | 15 Jan 2018 00:00 | circl
CNVD | Oracle Applications Framework Remote Vulnerability | 27 Apr 2017 00:00 | cnvd
CVE | CVE-2017-3528 | 24 Apr 2017 19:00 | cve
Cvelist | CVE-2017-3528 | 24 Apr 2017 19:00 | cvelist
exploitpack | Oracle E-Business Suite 12.1.312.2.x - Open Redirect | 15 Jan 2018 00:00 | exploitpack
Nuclei | Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect | 25 Jun 2026 05:45 | nuclei
NVD | CVE-2017-3528 | 24 Apr 2017 19:59 | nvd
Oracle | Oracle Critical Patch Update Advisory - April 2017 | 18 Apr 2017 00:00 | oracle
Tenable Nessus | Oracle E-Business Multiple Vulnerabilities (April 2017 CPU) | 19 Apr 2017 00:00 | nessus

# Exploit Title: Oracle E-Business suite Open Redirect
# Google Dork: inurl:OA_HTML/cabo/
# Date: April 2017
# Exploit Author: [author]
# Vendor Homepage: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
# Software Link: [download link if available]
# Version: Oracle E-Business Suite  (REQUIRED)
# Tested on: [relevant os]
# CVE :  CVE-2017-3528

The exploit can be leveraged for an open redirect using the following
exploit path:

https://targetsite/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=/\example.com

Oracle E-Business suite is vulnerable to an open redirect issue,
specifically the redirect parameter allows any domain to be supplied
and it will be rendered on the target's site.

Note I was also credited for this CVE, see the Oracle
CPU (http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html)
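
Added example, not part of the original entry and not Oracle's code: a server-side check for a redirect-style parameter that resolves the value the way a browser does before trusting it. Browsers treat a backslash as a slash in http(s) URLs, so /\example.com is read as //example.com, which a "starts with a single slash" test lets through. APP_ORIGIN, the function names and the sample paths are assumptions made for the illustration.

```javascript
// Added example, not Oracle's code. APP_ORIGIN is a hypothetical deployment origin.
const APP_ORIGIN = 'https://ebs.example.internal';

// Naive check, assumed here for contrast: "one leading slash means a local path".
function naiveIsLocal(value) {
  return value.startsWith('/') && !value.startsWith('//');
}

// Resolve the value with the WHATWG URL parser (the browser's rules), then
// accept it only if it still points at the application's own origin.
function safeRedirectTarget(value, appOrigin = APP_ORIGIN, fallback = '/') {
  if (typeof value !== 'string' || value === '') return fallback;
  let resolved;
  try {
    resolved = new URL(value, appOrigin);
  } catch {
    return fallback; // unparsable input never reaches the Location header
  }
  if (resolved.origin !== new URL(appOrigin).origin) return fallback;
  // Emit the normalised same-origin path, not the raw parameter.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed sample values; the second is the form shown in the entry above.
const SAMPLES = [
  '/OA_HTML/home.jsp?x=1',   // constructed local path
  '/\\example.com',          // backslash variant from the entry
  '//example.com',           // scheme-relative
  'https://example.com/x',   // absolute, foreign origin
];

// Compare both checks for each sample.
function review(samples = SAMPLES) {
  return samples.map((value) => ({
    value,
    naiveSaysLocal: naiveIsLocal(value),
    redirectTo: safeRedirectTarget(value),
  }));
}

console.table(review());
```

For detection, the same comparison can be run over logged values of the redirect parameter: any request where the resolved origin differs from the application's origin is worth review.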


Vulners AI Score: 5.9 (Medium risk)
CVSS 3: 5.4
CVSS 2: 5.8
EPSS: 0.14558