Published: 23/04/2019 Updated: 24/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle service bus 11.1.1.9.0
oracle service bus 12.2.1.3.0
oracle service bus 12.1.3.0.0

Oracle Attip XML Entity Exploit

XML Entity Expansion at Service Bus CVE-2019-2576 Overview: As can be seen in the following request / response example, the xml entity expansion attack can be performed, and this attack can send requests that exceed the existing memory and processor capacities, causing memory bottlenecks and preventing the service from running 10kb more requ

Oracle Attip XML Entity Exploit

XML Entity Expansion at Service Bus CVE-2019-2576 Overview: As can be seen in the following request / response example, the xml entity expansion attack can be performed, and this attack can send requests that exceed the existing memory and processor capacities, causing memory bottlenecks and preventing the service from running 10kb more requ

NVD-CWE-noinfo http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://nvd.nist.gov https://github.com/omurugur/Oracle-Attip-Xml-Entity-Exploit

CVE-2019-2576

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect