Imperva Cyber Community

  • 1.  CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

    Posted 05-18-2023 05:54

    Dear all,

    Recently I have seen someone trying to exploit this from the Internet. Do we have a signature/policy to block it? Thank you.

    Unauthenticated Blind SSRF in Oracle EBS | by John M | Medium


    #On-Premises WAF (formerly SecureSphere)

    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------


  • 2.  RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

    Posted 05-22-2023 02:42

    Hi Ken,

    Let me look into this for you.

    Many thanks,

    Sarah



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------



  • 3.  RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS
    Best Answer

    Posted 05-23-2023 05:53

    Hi Ken,

    I connected with our Threat Research team and here is their response...

    We have verified in CWAF that the rule is good.
    We will deliver a signature for the CVE with the ADC RCP 30-May. If you need them, below are manual mitigation steps to address CVE-2018-3167:

    1. Create a new manual dictionary or use an existing one.

    2. Create 1 new signature (inside the dictionary from the previous step) with the following definition:
       • Signature name: CVE-2018-3167: Oracle E-Business Suite - Unauthenticated SSRF
       • Signature pattern: part="/OA_HTML/lcmServiceController.jsp", part="!DOCTYPE"
       • Protocols: http, https
       • Search Signature in: Urls And Parameters

    3. Create a new "HTTP Protocol Signatures" policy that uses the dictionary from step 1 and apply it.

    I hope this helps.

    Many thanks,


    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------
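To see what the two-part signature from the answer above actually matches, here is an added Python emulation of it; this is not Imperva's rule engine and not code from the thread. The sample requests are constructed, and case-insensitive matching is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Both "part=" clauses of the signature are ANDed: each string must be present.
SIGNATURE_PARTS = ("/OA_HTML/lcmServiceController.jsp", "!DOCTYPE")


def _decode_params(encoded):
    """Yield decoded parameter names and values from a query string or form body."""
    for name, value in parse_qsl(encoded, keep_blank_values=True):
        yield name
        yield value


def searchable_fields(target, body=""):
    """Build the 'Urls And Parameters' search scope for one request.

    Returns the decoded URL path plus every decoded parameter name and value
    from the query string and the request body (raw XML bodies end up as one
    or two fields, which is enough for substring matching).
    """
    parts = urlsplit(target)
    fields = [unquote_plus(parts.path)]
    fields.extend(_decode_params(parts.query))
    fields.extend(_decode_params(body))
    return fields


def matches_signature(target, body=""):
    """True when every signature part appears somewhere in the search scope.

    Assumption: case-insensitive comparison, so mixed-case variants of the
    path or the DOCTYPE token are still caught; tighten if the dictionary is
    configured to match case-sensitively.
    """
    haystack = "\n".join(searchable_fields(target, body)).lower()
    return all(part.lower() in haystack for part in SIGNATURE_PARTS)


# Constructed sample requests (not captured traffic) exercising the rule.
SAMPLES = {
    # XML carrying a DOCTYPE posted to the servlet: both parts present -> block
    "doctype_in_body": ("/OA_HTML/lcmServiceController.jsp",
                        "payload=%3C!DOCTYPE+x%3E%3Cx%2F%3E"),
    # Same servlet with ordinary parameters only -> allow
    "benign": ("/OA_HTML/lcmServiceController.jsp?action=view", ""),
    # DOCTYPE token sent to a different path -> allow (first part missing)
    "other_path": ("/OA_HTML/other.jsp?q=%3C!DOCTYPE+x%3E", ""),
}


def evaluate_samples():
    """Map each sample name to whether the signature would fire on it."""
    return {name: matches_signature(t, b) for name, (t, b) in SAMPLES.items()}
```

Run `evaluate_samples()` to see that only the request combining the servlet path with a DOCTYPE token is flagged.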



  • 4.  RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

    Posted 05-23-2023 06:02

    Hi Sarah,

    Thanks a lot!



    ------------------------------
    Ken Chau
    IT Manager
    ------------------------------



  • 5.  RE: CVE-2018-3167 Unauthenticated Blind SSRF in Oracle EBS

    Posted 05-24-2023 08:56

    You're welcome. Happy to help! 



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------