Hi Ken,
I connected with our Threat Research team and here is their response...
We have verified in CWAF that the rule is good.
We will deliver a signature for the CVE with the ADC RCP 30-May.
If you need them, below are manual mitigation steps to address CVE-2018-3167:
1. Create a new manual dictionary or use an existing one.
2. Create one new signature (inside the dictionary from the previous step) with the following definition:
   Name: CVE-2018-3167: Oracle E-Business Suite - Unauthenticated SSRF
   Pattern: part="/OA_HTML/lcmServiceController.jsp", part="!DOCTYPE"
   Protocols: http, https
   Search signature in: Urls And Parameters
3. Create a new "HTTP Protocol Signatures" policy that uses the dictionary from step 1 and apply it.
I hope this helps.
Many thanks,
------------------------------
Sarah Lamont
Digital Community Manager
------------------------------
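The two-part signature in the mitigation steps above matches only when both literal parts are present in the URL or parameters. As an added illustration (not code from the original post, and not Imperva's own matching engine), the following Python models that logic over four constructed requests; the hostnames, the request bodies and the decode-before-search behaviour are assumptions of the model, not facts about the product.

```python
"""
Toy model of the two-part signature from the mitigation steps above:
    part="/OA_HTML/lcmServiceController.jsp", part="!DOCTYPE"
searched in "Urls And Parameters". A request matches only when BOTH parts
are found. This is an added illustration; it is not Imperva's matching
engine, and its decoding behaviour is an assumption of the model.
"""
from urllib.parse import parse_qsl, unquote, unquote_plus, urlsplit

# The two literal parts exactly as given in the signature definition.
SIGNATURE_PARTS = ("/OA_HTML/lcmServiceController.jsp", "!DOCTYPE")


def parse_raw_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def searchable_text(req: dict) -> str:
    """
    Build the text a "Urls And Parameters" search would look at: the decoded
    URL path, the decoded query parameters, and the decoded body parameters
    (or the raw body as a single value when it is not a form).
    """
    url = urlsplit(req["target"])
    pieces = [unquote(url.path)]
    pieces += [f"{k}={v}" for k, v in parse_qsl(url.query, keep_blank_values=True)]
    content_type = req["headers"].get("content-type", "")
    if "application/x-www-form-urlencoded" in content_type:
        pieces += [f"{k}={v}" for k, v in parse_qsl(req["body"], keep_blank_values=True)]
    else:
        # XML or other non-form bodies are treated as one parameter value.
        pieces.append(unquote_plus(req["body"]))
    return "\n".join(pieces)


def signature_matches(raw_request: str) -> bool:
    """True only when every part of the signature appears in the searched text."""
    text = searchable_text(parse_raw_request(raw_request))
    return all(part in text for part in SIGNATURE_PARTS)


# Constructed sample requests (not captured traffic, not the real exploit body).
HITS_BOTH_PARTS = (
    "POST /OA_HTML/lcmServiceController.jsp HTTP/1.1\r\n"
    "Host: ebs.example.test\r\n"
    "Content-Type: text/xml\r\n"
    "\r\n"
    "<?xml version=\"1.0\"?><!DOCTYPE probe><probe/>"
)
PATH_ONLY = (
    "GET /OA_HTML/lcmServiceController.jsp?mode=view HTTP/1.1\r\n"
    "Host: ebs.example.test\r\n"
    "\r\n"
)
DOCTYPE_ON_OTHER_PATH = (
    "POST /OA_HTML/other.jsp HTTP/1.1\r\n"
    "Host: ebs.example.test\r\n"
    "Content-Type: text/xml\r\n"
    "\r\n"
    "<!DOCTYPE probe><probe/>"
)
ENCODED_FORM_PARAM = (
    "POST /OA_HTML/lcmServiceController.jsp HTTP/1.1\r\n"
    "Host: ebs.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "xml=%3C!DOCTYPE+probe%3E"
)


def evaluate_samples() -> dict:
    """Run the signature over the constructed samples; only the first and last match."""
    return {
        "hits_both_parts": signature_matches(HITS_BOTH_PARTS),
        "path_only": signature_matches(PATH_ONLY),
        "doctype_on_other_path": signature_matches(DOCTYPE_ON_OTHER_PATH),
        "encoded_form_param": signature_matches(ENCODED_FORM_PARAM),
    }


if __name__ == "__main__":
    for name, matched in evaluate_samples().items():
        print(f"{name:24s} -> {'BLOCK' if matched else 'pass'}")
```

Two points worth checking when applying the rule: the signature needs both parts, so a request to the JSP without a DOCTYPE, or a DOCTYPE sent to another path, passes through; and whether an encoded `!DOCTYPE` is caught depends on parameters being decoded before the search, so confirm how the on-premises WAF normalizes parameters rather than relying on this model.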
Original Message:
Sent: 05-22-2023 02:41
From: Sarah Lamont
Subject: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS
Hi Ken,
Let me look into this for you.
Many thanks,
Sarah
------------------------------
Sarah Lamont
Digital Community Manager
Original Message:
Sent: 05-18-2023 05:53
From: Ken Chau
Subject: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS
Dear all,
Recently I have seen someone trying to exploit this from the Internet; do we have a signature/policy to block it? Thank you.
Unauthenticated Blind SSRF in Oracle EBS | by John M | Medium
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Ken Chau
IT Manager
------------------------------