Imperva Cyber Community

View Only

Back to discussions

Expand all | Collapse all

CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Jump to Best Answer

1. CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Like
Ken Chau
Posted 05-18-2023 05:54
Dear all,

Recently I see some one is trying to exploit this from the Internet, do we have a signature/policy to block it? Thank you.

Unauthenticated Blind SSRF in Oracle EBS | by John M | Medium

#On-PremisesWAF(formerlySecuresphere)

------------------------------
Ken Chau
IT Manager
------------------------------
2. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Like
Sarah Lamont
Posted 05-22-2023 02:42
Hi Ken,

Let me look into this for you.

Many thanks,

Sarah

------------------------------
Sarah Lamont
Digital Community Manager
------------------------------
3. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS
Best Answer

Like
Sarah Lamont
Posted 05-23-2023 05:53
Hi Ken,

I connected with our Threat Research team and here is their response...

We have verified in CWAF that the rule is good.
We will deliver a signature for the CVE with the ADC RCP 30-mayIf you need, below are manual mitigation steps to address CVE-2018-3167:

Create a new manual dictionary or use an existing one

Create 1 new signature (inside the dictionary from the previous step) with the following definition:

Signature name:

CVE-2018-3167: Oracle E-Business Suite - Unauthenticated SSRF

Signature pattern:

part="/OA_HTML/lcmServiceController.jsp", part="!DOCTYPE"

Protocols:

http
https

Search Signature in:

Urls And Parameters
3. Create a new "HTTP Protocol Signatures" policy that uses the dictionary from step 1 and apply it.

I hope this helps.

Many thanks,

------------------------------
Sarah Lamont
Digital Community Manager
------------------------------

Original Message
4. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Like
Ken Chau
Posted 05-23-2023 06:02
Hi Sarah,

Thanks a lot!

------------------------------
Ken Chau
IT Manager
------------------------------

Original Message
5. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Like
Sarah Lamont
Posted 05-24-2023 08:56
You're welcome. Happy to help!

------------------------------
Sarah Lamont
Digital Community Manager
------------------------------

Original Message

Imperva Cyber Community

CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Ken Chau05-18-2023 05:54

Sarah Lamont05-22-2023 02:42

Sarah Lamont05-23-2023 05:53Best Answer

Ken Chau05-23-2023 06:02

Sarah Lamont05-24-2023 08:56

1. CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

2. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

3. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS
Best Answer

4. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

5. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Contact Us

Membership

Privacy & Terms

Imperva Cyber Community

CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Ken Chau05-18-2023 05:54

Sarah Lamont05-22-2023 02:42

Sarah Lamont05-23-2023 05:53Best Answer

Ken Chau05-23-2023 06:02

Sarah Lamont05-24-2023 08:56

1. CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

2. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

3. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS Best Answer

4. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

5. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

Contact Us

Membership

Privacy & Terms

3. RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS
Best Answer