cve/2019/CVE-2019-2576.md

### [CVE-2019-2576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2576)
![](https://img.shields.io/static/v1?label=Product&message=Service%20Bus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.1.1.9.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20Service%20Bus.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20partial%20denial%20of%20service%20(partial%20DOS)%20of%20Oracle%20Service%20Bus.&color=brighgreen)

### Description

Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

#### Github
- https://github.com/omurugur/Oracle_Attip_XML_Entity_Exploit
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-2576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2576)`
			`![](https://img.shields.io/static/v1?label=Product&message=Service%20Bus&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.1.1.9.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20Service%20Bus.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20partial%20denial%20of%20service%20(partial%20DOS)%20of%20Oracle%20Service%20Bus.&color=brighgreen)`

			`### Description`

			Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

			`### POC`

			`#### Reference`
			`- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`- https://github.com/omurugur/Oracle_Attip_XML_Entity_Exploit`